CVE-2021-27609

Summary

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Focused RUN< 200affected
SAP SESAP Focused RUN< 300affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References