CVE-2021-42062

Summary

SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ERP HCM Portugal< 600affected
SAP SESAP ERP HCM Portugal< 604affected
SAP SESAP ERP HCM Portugal< 608affected

Weaknesses

  • CWE-862: CWE-862

ADP Enrichment

CVE Program Container

Additional References

References