Missing Authorization Check in SAP NetWeaver AS JAVA Customer Usage Provisioning Servlet
CVE-2021-27598 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet.
Learn more about our Web Application Penetration Testing UK.