Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2024-47595
CVE-2024-47595:
Sap Host Agent vulnerability analysis and mitigation
Overview
CVE-2024-47595 is a security vulnerability affecting SAP Host Agent version 7.22. The vulnerability was discovered and disclosed in November 2024. The issue allows an attacker with local membership to the sapsys group to replace local files that are typically protected by privileged access (NVD).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) by NIST with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N, while SAP SE rated it with a score of 6.3 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N. The vulnerability is classified under CWE-266 (Incorrect Privilege Assignment) (NVD).
Impact
Upon successful exploitation, this vulnerability could have a high impact on both the confidentiality and integrity of the application. The vulnerability allows unauthorized modification of protected files, potentially compromising sensitive system data (NVD).
Mitigation and workarounds
SAP has released patches to address this vulnerability. Users of the affected SAP Host Agent version 7.22 are advised to apply the latest security updates (ASEC).
Additional resources
Source: This report was generated using AI
Related Sap Host Agent vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management