CVE-2021-27609

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 66.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Focused RUNSAP Focused RUN
Timeline
PublishedApr 13
Latest updateMay 24

Description

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_focused_run< 200+1
NVDsap/focused_run200, 300+1

🔴Vulnerability Details

2
GHSA
GHSA-89c5-cmj9-mcpm: SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData se2022-05-24
CVEList
CVE-2021-27609: SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData se2021-04-13
CVE-2021-27609 (MEDIUM CVSS 6.5) | SAP Focused RUN versions 200 | cvebase.io