Skip links

CVE-2020-6234 Privilege Escalation in SAP Host Agent, SAP security note 2902645

Description

An attacker with Host Agent admin privileges may use the SAP Host Agent’s Operation Framework to gain root privileges over the underlying operating system.

Available fix and Supported packages

  • SAPHOSTAGENT | 7.21 | 7.21
  • SAP HOST AGENT 7.21 | SP046 | 000000

Affected component

    BC-CCM-HAG
    Host Agent

CVSS

Score: 7.2
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2902645

TAGS

#Operation
#ExecuteOperation
#Autoupgrade
#saphostexec
#CVE-2020-6234