Vulnerability Details CVE-2021-42067
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.5%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2021-42067
-
cpe:2.3:a:sap:netweaver_abap:701
-
cpe:2.3:a:sap:netweaver_abap:702
-
cpe:2.3:a:sap:netweaver_abap:711
-
cpe:2.3:a:sap:netweaver_abap:730
-
cpe:2.3:a:sap:netweaver_abap:731
-
cpe:2.3:a:sap:netweaver_abap:740
-
cpe:2.3:a:sap:netweaver_abap:750
-
cpe:2.3:a:sap:netweaver_abap:751
-
cpe:2.3:a:sap:netweaver_abap:752
-
cpe:2.3:a:sap:netweaver_abap:753
-
cpe:2.3:a:sap:netweaver_abap:754
-
cpe:2.3:a:sap:netweaver_abap:755
-
cpe:2.3:a:sap:netweaver_abap:756
-
cpe:2.3:a:sap:netweaver_abap:786
-
cpe:2.3:a:sap:netweaver_application_server_abap:701
-
cpe:2.3:a:sap:netweaver_application_server_abap:702
-
cpe:2.3:a:sap:netweaver_application_server_abap:711
-
cpe:2.3:a:sap:netweaver_application_server_abap:730
-
cpe:2.3:a:sap:netweaver_application_server_abap:731
-
cpe:2.3:a:sap:netweaver_application_server_abap:740
-
cpe:2.3:a:sap:netweaver_application_server_abap:750
-
cpe:2.3:a:sap:netweaver_application_server_abap:751
-
cpe:2.3:a:sap:netweaver_application_server_abap:752
-
cpe:2.3:a:sap:netweaver_application_server_abap:753
-
cpe:2.3:a:sap:netweaver_application_server_abap:754
-
cpe:2.3:a:sap:netweaver_application_server_abap:755
-
cpe:2.3:a:sap:netweaver_application_server_abap:756
-
cpe:2.3:a:sap:netweaver_application_server_abap:786