SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/3027937 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-04-13T18:38:46
Updated: 2021-04-13T18:38:46
Reserved: 2021-02-23T00:00:00
Link: CVE-2021-27598
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-13T19:15:15.117
Modified: 2022-10-07T19:16:05.243
Link: CVE-2021-27598
JSON object: View
Redhat Information
No data.