CVE-2020-6186: 
Sap Host Agent vulnerability analysis and mitigation

SAP Host Agent version 7.21 contains a vulnerability (CVE-2020-6186) that was disclosed on February 12, 2020. The vulnerability allows an attacker to cause a slowdown in processing of username/password-based authentication requests of the SAP Host Agent, leading to a Denial of Service condition (NVD, SecurityWeek).

The vulnerability has a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue is caused by operating system facilities that SAP Host Agent's authentication uses. These facilities often delay failed authentication requests to mitigate brute force authentication attacks. Due to SAP Host Agent's limit on parallel authentication requests, regular authentication requests can be slowed down by delayed responses (NVD).

The vulnerability affects the availability of the system by allowing attackers to cause a Denial of Service condition through authentication request processing slowdown. The impact is particularly significant as it affects the authentication mechanism itself, potentially disrupting legitimate user access to the system (SecurityWeek).

Several mitigation strategies are recommended: restricting access ports to the datacenter network, limiting access ports to trusted networks and addresses only, and allowing certificate-based authentication only (SecurityWeek).