CVE-2023-27498
First published: Tue Mar 14 2023(Updated: )
SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Host Agent | =7.22 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-27498?
CVE-2023-27498 is a vulnerability in SAP Host Agent (SAPOSCOL) version 7.22 that allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error.
How severe is CVE-2023-27498?
CVE-2023-27498 has a severity score of 7.2, which is considered high.
What is the affected software for CVE-2023-27498?
The affected software for CVE-2023-27498 is SAP Host Agent version 7.22.
How can an attacker exploit CVE-2023-27498?
An attacker can exploit CVE-2023-27498 by sending a crafted request to a server port assigned to the SAP Start Service to trigger a memory corruption error.
Are there any mitigations or patches available for CVE-2023-27498?
Yes, SAP has released patches and mitigation recommendations for CVE-2023-27498. It is recommended to apply these updates to protect against this vulnerability.
- collector/nvd-index
- vendor/sap
- canonical/sap host agent
- version/sap host agent/7.22