← back
CVE-2020-6183

CVE-2020-6183

CVSS 5.3 MEDIUMEPSS 0.7%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Feb 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Host Agent, version 7.21, allows an unprivileged user to read the shared memory or write to the shared memory by sending request to the main SAPOSCOL process and receive responses that may contain data read with user root privileges e.g. size of any directory, system hardware and OS details, leading to Missing Authorization Check vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP SE · SAP Host Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2836445https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812