Privilege Escalation Vulnerability in SAP NetWeaver Guided Procedures

CVE-2021-33671

Summary

SAP NetWeaver Guided Procedures across multiple versions fail to implement essential authorization checks for authenticated users. This oversight allows users to escalate their privileges, potentially leading to unauthorized access to functionalities and data meant solely for specific user groups. The lack of robust permission verification can result in unauthorized users being able to read, modify, or even delete sensitive restricted data, posing significant security risks.

References