PT-2021-17545 · SAP · SAP EarlyWatch Alert, SAP Focused Run

Published: 2021-04-13 · Updated: 2021-04-20 · CVE-2021-27609

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SAP Focused RUN versions 200, 300

Description

SAP Focused RUN lacks necessary authorization checks for authenticated users. By calling the OData service, an authenticated user can change the activation of SAP EarlyWatch Alert service data collection and its sending to SAP without proper authorization.

Recommendations

For SAP Focused RUN versions 200, 300, consider restricting access to the OData service until a fix is available, to prevent unauthorized manipulation of the SAP EarlyWatch Alert service.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2021-27609

Affected Products

SAP EarlyWatch Alert
SAP Focused Run