Unauthorized Access to Systems and Services via S/4 Hana Dashboard in SAP NetWeaver AS for ABAP and ABAP Platform

Unauthorized Access to Systems and Services via S/4 Hana Dashboard in SAP NetWeaver AS for ABAP and ABAP Platform

CVE-2021-42067 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.

Learn more about our User Device Pen Test.