Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation in SAP Host Agent (Windows)
Vulnerability Description
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
访问控制不恰当
Vulnerability Title
SAP Host Agent 访问控制错误漏洞
Vulnerability Description
SAP Host Agent是德国思爱普(SAP)公司的一套支持操作系统监视、数据库监视和系统实例监视等多项生命周期管理任务的代理程序。 SAP Host Agent 7.21和7.22版本存在访问控制错误漏洞,该漏洞源于获得SAP_LocalAdmin本地成员资格的攻击者可以用恶意文件替换可执行文件(该文件将在特权帐户下启动)。
CVSS Information
N/A
Vulnerability Type
N/A