6.5
CVE-2021-21468
- EPSS 0.42%
- Veröffentlicht 12.01.2021 15:15:16
- Zuletzt bearbeitet 21.11.2024 05:48:26
- Quelle cna@sap.com
- CVE-Watchlists
- Unerledigt
LoginThe BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Business Warehouse Version710
SAP ≫ Business Warehouse Version711
SAP ≫ Business Warehouse Version730
SAP ≫ Business Warehouse Version731
SAP ≫ Business Warehouse Version740
SAP ≫ Business Warehouse Version750
SAP ≫ Business Warehouse Version751
SAP ≫ Business Warehouse Version752
SAP ≫ Business Warehouse Version753
SAP ≫ Business Warehouse Version754
SAP ≫ Business Warehouse Version755
SAP ≫ Business Warehouse Version782
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.61 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:N
|
| cna@sap.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.