Insufficient Authorization Checks in SAP ERP HCM Portugal Payroll Data Report

Insufficient Authorization Checks in SAP ERP HCM Portugal Payroll Data Report

CVE-2021-42062 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Learn more about our Web Application Penetration Testing UK.