Attacker Could Replace Local Files, Causing High Impact on Confidentiality and Integrity

CVE-2024-47595

7.1HIGH

Key Information

Vendor: SAP
Status: SAP Host Agent
Vendor: CVE Published:; 12 November 2024

Summary

An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application.

Affected Version(s)

SAP Host Agent = SAPHOSTAGENT 7.22

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Nov 12, 2024
Vulnerability Reserved.
Sep 27, 2024

Collectors

NVD DatabaseMitre Database