CVE-2020-6234

CVSS 7.2 HIGHEPSS 3.6%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.2EPSS 3.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Apr 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

SAP SE · SAP Host Agent

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/162084/SAP-Host-Control-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2021/Apr/5 https://launchpad.support.sap.com/#/notes/2902645 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202