CVE-2021-42062

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp Hcm Portugal
Vendor: CVE Published:; 10 November 2021

Summary

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Affected Version(s)

SAP ERP HCM Portugal < 600 < 600

SAP ERP HCM Portugal < 604 < 604

SAP ERP HCM Portugal < 608 < 608

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3104456

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2021
Vulnerability Reserved
Oct 7, 2021