PT-2022-11540 · Sap · Sap Netweaver As Abap+2
Published
2022-01-14
·
Updated
2023-08-08
·
CVE-2021-42067
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver AS for ABAP and ABAP Platform versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786
Description
The issue allows an attacker, authenticated as a regular user, to use the S/4 Hana dashboard to reveal systems and services that they would not normally be allowed to see. No information alteration or denial of service is possible.
Recommendations
For SAP NetWeaver AS for ABAP and ABAP Platform versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, consider restricting access to the S/4 Hana dashboard to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Abap Platform
S/4Hana
Sap Netweaver As Abap