CVE-2021-27605
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can only read some information like last name, first name of the employees, so there is some loss of confidential information, Integrity and Availability are not impacted.
HCM Travel Management Fiori Apps V2 de SAP, versión - 608, no lleva a cabo una comprobación de autorización apropiada, permitiendo a un atacante autenticado pero no autorizado leer los números personales de los empleados, resultando en una escalada de privilegios. Sin embargo, el atacante solo puede leer determinada información como el apellido, el nombre de los empleados, por lo que hay determinada pérdida de información confidencial, la Integridad y Disponibilidad no están afectadas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-02-23 CVE Reserved
- 2021-04-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | 2021-04-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Sap Search vendor "Sap" | Fiori Apps 2.0 For Travel Management In Sap Erp Search vendor "Sap" for product "Fiori Apps 2.0 For Travel Management In Sap Erp" | < 608 Search vendor "Sap" for product "Fiori Apps 2.0 For Travel Management In Sap Erp" and version " < 608" | - |
Affected
|