CVE-2021-42062

EUVD-2021-29048
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3104456
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864
https://launchpad.support.sap.com/#/notes/3104456
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864