Lucene search

SapCVELIST:CVE-2021-27605

HistoryApr 13, 2021 - 6:44 p.m.

CVE-2021-27605

2021-04-1318:44:13

sap

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

SAP’s HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted.

CNA Affected

[
  {
    "product": "SAP Fiori Apps 2.0 for Travel Management in SAP ERP",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 608"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3025054

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-27605