Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2020-6183 Unprivileged Access to technical data using SAPOSCOL of SAP Host Agent, SAP security note 2836445

Description

The SAP Oscollector allows an unauthenticated attacker to query the background service that would otherwise be restricted to authorized users. The SAP Oscollector being an application that is usually only exposed internally, attacks are only possible from within this network. Once this vulnerability is exploited, the attacker can get statistics like CPU, RAM, directory size, and others. Attacker may be able to stop the collection process, thus affecting the availability of the service itself. If the attacker doesn’t have access to SAPOSCAL binary, they could just copy it to their home folder and perform the attack.

Available fix and Supported packages

  • SAPHOSTAGENT | 7.21 | 7.21
  • SAP HOST AGENT 7.21 | SP045 | 000045

Affected component

    BC-CCM-MON-OS
    Operating System Monitoring Tool

CVSS

Score: 5.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2836445

TAGS

#unprivileged-read
#shared-memory
#permissions
#&160-CVE-2020-6183

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.