CVE-2021-33671

moderate-risk
Published 2021-07-14

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. The impact of missing authorization could result to abuse of functionality restricted to a particular user group, and could allow unauthorized users to read, modify or delete restricted data.

Do I need to act?

-
0.22% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (6)

Netweaver Guided Procedures
Netweaver Guided Procedures
Netweaver Guided Procedures
Netweaver Guided Procedures
Netweaver Guided Procedures
Netweaver Guided Procedures

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/3059446
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Permissions Required https://launchpad.support.sap.com/#/notes/3059446
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
44
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 1/34 · Minimal
Exposure 13/34 · Low