Unauthenticated User Can Manipulate SAP EarlyWatch Alert Service Activation

Unauthenticated User Can Manipulate SAP EarlyWatch Alert Service Activation

CVE-2021-27609 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.

Learn more about our User Device Pen Test.