← voltar
CVE-2023-24523

CVE-2023-24523

CVSS 8.8 HIGHEPSS 0.2%CWE-668
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.8EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 fev 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An attacker authenticated as a non-admin user with local access to a server port assigned to the SAP Host Agent (Start Service) - versions 7.21, 7.22, can submit a crafted ConfigureOutsideDiscovery request with an operating system command which will be executed with administrator privileges.  The OS command can read or modify any user or system data and can make the system unavailable.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Produtos afetados
SAP · Host Agent Service

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://launchpad.support.sap.com/#/notes/3285757https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html