Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.

Related CVEs

CVE-2023-36926

Key Information

GHSA ID

GHSA-8qg9-9fqc-xjj6

Published

August 8, 2023 3:30 AM

Last Modified

September 26, 2024 9:31 PM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 4, 2025 6:33 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.