6.5
CVE-2021-27609
- EPSS 0.14%
- Veröffentlicht 13.04.2021 19:15:15
- Zuletzt bearbeitet 21.11.2024 05:58:17
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Focused Run Version200
SAP ≫ Focused Run Version300
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Typ | Quelle | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.14% | 0.301 |
Quelle | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
cna@sap.com | 4.6 | 2.1 | 2.5 |
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.