CVE-2020-6234

Description

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

SAP_SE / SAP Host Agent< 7.21 – < 7.21

References

MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
MISChttps://launchpad.support.sap.com/#/notes/2902645
MAILING_LISThttp://seclists.org/fulldisclosure/2021/Apr/5
EXPLOIThttp://packetstormsecurity.com/files/162084/SAP-Host-Control-Local-Privilege-Escalation.html