CVE-2021-40497

EPSS 0.24%
Veröffentlicht 12.10.2021 15:15:09
Zuletzt bearbeitet 21.11.2024 06:24:15
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Businessobjects Analysis Version420

SAP ≫ Businessobjects Analysis Version430

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.439

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3098917

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-40497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40497

EUVD