Privilege Escalation Vulnerability in SAP NetWeaver Guided Procedures
CVE-2021-33671
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 14 July 2021
What is CVE-2021-33671?
SAP NetWeaver Guided Procedures across multiple versions fail to implement essential authorization checks for authenticated users. This oversight allows users to escalate their privileges, potentially leading to unauthorized access to functionalities and data meant solely for specific user groups. The lack of robust permission verification can result in unauthorized users being able to read, modify, or even delete sensitive restricted data, posing significant security risks.
Affected Version(s)
SAP NetWeaver Guided Procedures (Administration Workset) < 7.10 < 7.10
SAP NetWeaver Guided Procedures (Administration Workset) < 7.20 < 7.20
SAP NetWeaver Guided Procedures (Administration Workset) < 7.30 < 7.30
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved