Vulnerability Description
SAP's HCM Travel Management Fiori Apps V2, version 608, does not perform a proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resulting in escalation of privileges. However, the attacker can read only some information, such as the last name and first name of the employees, so there is some loss of confidential information; integrity and availability are not impacted.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | Fiori Apps 2.0 for Travel Management in SAP ERP | < 608 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/3025054 (Permissions Required)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 (Vendor Advisory)
FAQ
What is CVE-2021-27605?
CVE-2021-27605 is a vulnerability with a CVSS score of 4.3 (MEDIUM). SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization check, allowing an authenticated but unauthorized attacker to read personnel numbers of employees, resul...
How severe is CVE-2021-27605?
CVE-2021-27605 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-27605?
Check the references section above for vendor advisories and patch information. Affected products include: SAP Fiori Apps 2.0 for Travel Management in SAP ERP.