CVE-2020-6234: 
Sap Host Agent vulnerability analysis and mitigation

SAP Host Agent version 7.21 contains a privilege escalation vulnerability (CVE-2020-6234) that allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system. The vulnerability was discovered in early 2020 and was addressed by SAP through Security Note 2902645 (SAP Note).

The vulnerability exists in the SOAP interface exposed by SAP Host Agent on ports 1128 or 1129 (TLS). Due to improper input validation and lack of sanitization of certain parameters, several exposed functions were vulnerable to OS command injection. The vulnerability has been assigned a CVSS v3.1 base score of 7.2 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NIST NVD).

Since some of the vulnerable functions are executed with root/system privileges, an attacker with SAP SMD Agent user access can exploit this vulnerability to escalate privileges to root/system level, potentially gaining complete control over the affected system (Full Disclosure).

SAP has released patches through SAP Security Note 2902645 to address this vulnerability. Organizations should download and apply the security fixes to affected components immediately. The patch is available for SAPHOSTAGENT 7.21 SP045 and lower versions (Full Disclosure).