Vulnerabilities > CVE-2021-42062 - Missing Authorization vulnerability in SAP ERP Human Capital Management 600/604/608

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
sap
CWE-862

Summary

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Common Weakness Enumeration (CWE)