First published: Wed Jul 14 2021(Updated: )
SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver Guided Procedures | =7.10 | |
SAP NetWeaver Guided Procedures | =7.20 | |
SAP NetWeaver Guided Procedures | =7.30 | |
SAP NetWeaver Guided Procedures | =7.31 | |
SAP NetWeaver Guided Procedures | =7.40 | |
SAP NetWeaver Guided Procedures | =7.50 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2021-33671.
The severity of CVE-2021-33671 is 8.8 (high).
SAP NetWeaver Guided Procedures versions 7.10, 7.20, 7.30, 7.31, 7.40, and 7.50 are affected by CVE-2021-33671.
The impact of CVE-2021-33671 is the escalation of privileges for an authenticated user, resulting in the abuse of restricted functionality.
Yes, you can find references for CVE-2021-33671 at the following links: [link1](https://launchpad.support.sap.com/#/notes/3059446) and [link2](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506).