CVE-2020-6234

Name: CVE-2020-6234
Creator: NVD / NIST
Published: 2020-04-14T19:15:18.14+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.2/10EPSS 3.56%

Last modified Jun 17, 2026

CVE-2020-6234 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.. EPSS estimates a 3.56% chance of exploitation in the next 30 days.

Description

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

3.56%

87.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Sap	Host Agent	7.21

References

http://packetstormsecurity.com/files/162084/SAP-Host-Control-Local-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2021/Apr/5Mailing List, Third Party Advisory
https://launchpad.support.sap.com/#/notes/2902645Permissions Required, Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202Vendor Advisory
http://packetstormsecurity.com/files/162084/SAP-Host-Control-Local-Privilege-Escalation.htmlThird Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2021/Apr/5Mailing List, Third Party Advisory
https://launchpad.support.sap.com/#/notes/2902645Permissions Required, Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202Vendor Advisory

Timeline

Published: Apr 14, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-6234?

SAP Host Agent, version 7.21, allows an attacker with admin privileges to use the operation framework to gain root privileges over the underlying operating system, leading to Privilege Escalation.

How severe is CVE-2020-6234?

CVE-2020-6234 has a CVSS score of 7.2/10 (HIGH severity). The EPSS model estimates a 3.56% probability of exploitation in the next 30 days.

How do I fix CVE-2020-6234?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-6234?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST