CVE-2021-27637

CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 82.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Enable NOW (sap Workforce Performance Builder - Manager)SAP Enable NOW
Timeline
PublishedJun 9
Latest updateMay 24

Description

Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 1.0, 10 allows an attacker to access information which would otherwise be restricted leading to information disclosure.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDsap/enable_now1.0, 10.0+1

🔴Vulnerability Details

2
GHSA
GHSA-2v37-rf3r-pc63: Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 12022-05-24
CVEList
CVE-2021-27637: Under certain conditions SAP Enable Now (SAP Workforce Performance Builder - Manager), versions - 12021-06-09
CVE-2021-27637 (MEDIUM CVSS 4.6) | Under certain conditions SAP Enable | cvebase.io