5.5

CVE-2021-38164

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Data is provided by the National Vulnerability Database (NVD)
SAPErp Financial Accounting Version100
SAPErp Financial Accounting Version101
SAPErp Financial Accounting Version102
SAPErp Financial Accounting Version103
SAPErp Financial Accounting Version104
SAPErp Financial Accounting Version105
SAPErp Financial Accounting Version602
SAPErp Financial Accounting Version603
SAPErp Financial Accounting Version604
SAPErp Financial Accounting Version605
SAPErp Financial Accounting Version606
SAPErp Financial Accounting Version616
SAPErp Financial Accounting Version618
SAPErp Financial Accounting Version700
SAPErp Financial Accounting Version720
SAPErp Financial Accounting Version730
SAPErp Financial Accounting Versions4core
SAPErp Financial Accounting Versionsap_appl_-_600
SAPErp Financial Accounting Versionsap_fin_-_617
SAPErp Financial Accounting Versionsapscore_-_125
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.13% 0.291
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.4 2.8 2.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov 5.5 8 4.9
AV:N/AC:L/Au:S/C:P/I:P/A:N
cna@sap.com 5.4 2.8 2.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.