SAP Focused RUN, versions 200 and 300, does not perform the necessary authorization checks for an authenticated user. This allows a user to call the OData service and manipulate the activation of the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/3030948 | Permissions Required |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2021-04-13T18:45:06
Updated: 2021-04-13T18:45:06
Reserved: 2021-02-23T00:00:00
Link: CVE-2021-27609
NVD Information
Status: Analyzed
Published: 2021-04-13T19:15:15.537
Modified: 2021-04-20T19:38:48.223
Link: CVE-2021-27609
Redhat Information
No data.
CWE