CVE-2021-27605

Name of the Vulnerable Software and Affected Versions SAP HCM Travel Management Fiori Apps V2 version 608

Description The issue allows an authenticated but unauthorized attacker to bypass authorization checks, resulting in the escalation of privileges. This enables the attacker to read certain employee information, including personnel numbers, last names, and first names, leading to a loss of confidential information. However, the attack does not impact the integrity or availability of the system.

Recommendations For SAP HCM Travel Management Fiori Apps V2 version 608, update to a version that includes proper authorization checks to prevent unauthorized access to employee information.