A malicious authenticated attacker, with privileges of SAP SMD Agent access, can exploit certain SAP Host Control functions due to missing input checking, in order to escalate its privileges and execute commands as root/system user. SAPHOSTAGENT versions 7.21 SP045 and lower are affected.
142744fe9b0c3f1be50152d98aa9e05c2d39162094e44f0b5019958cd1b69d8c