Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL)
CVE-2023-27498

7.2HIGH

Key Information:

Vendor: SAP
Status: Host Agent (SAPoscol)
Vendor: CVE Published:; 14 March 2023

What is CVE-2023-27498?

The SAP Host Agent (SAPOSCOL) version 7.22 is susceptible to a memory corruption issue that allows unauthenticated attackers with network access to exploit a server port assigned to the SAP Start Service. By submitting a specially crafted request, attackers can trigger a memory corruption error. This vulnerability can potentially expose technical information about the server without the ability to modify it, and it may lead to temporary service disruptions.

Affected Version(s)

Host Agent (SAPOSCOL) 7.22

References

https://launchpad.support.sap.com/#/notes/3275727

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2023
Vulnerability Reserved
Mar 2, 2023