Information Exposure Vulnerability in SAP Host Agent
CVE-2022-28774

5.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Host Agent
Vendor: CVE Published:; 11 May 2022

What is CVE-2022-28774?

The SAP Host Agent contains a vulnerability that allows sensitive information to be revealed through its logfile under certain conditions. This issue could lead to unauthorized access to data that is usually restricted, potentially impacting the confidentiality of the system. Organizations using SAP Host Agent should take note of this exposure to ensure their log management practices adequately safeguard sensitive information.

Affected Version(s)

SAP Host Agent 7.22

References

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3158188

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2022
Vulnerability Reserved
Apr 6, 2022