CVE-2020-6183: 
Sap Host Agent vulnerability analysis and mitigation

SAP Host Agent version 7.21 contains a Missing Authorization Check vulnerability identified as CVE-2020-6183. The vulnerability was disclosed on February 12, 2020, and allows an unprivileged user to read from or write to shared memory by sending requests to the main SAPOSCOL process. The responses may contain sensitive data read with root privileges, including directory sizes, system hardware information, and OS details (SecurityWeek, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. The vulnerability is classified as CWE-862 (Missing Authorization Check). The attack vector is network-based, requires no privileges or user interaction, and can potentially impact both confidentiality and integrity of the system (NVD).

When exploited, this vulnerability allows unauthorized access to sensitive system information through the SAPOSCOL process. An attacker can read or write to shared memory with root privileges, potentially accessing critical system information including directory sizes, hardware details, and operating system information (AttackerKB).

SAP has addressed this vulnerability through security patches. Organizations running SAP Host Agent version 7.21 should upgrade to a patched version as specified in SAP Security Note 2836445 (SAP Note).