CVE-2021-42062

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3104456
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864
https://launchpad.support.sap.com/#/notes/3104456
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864