CVE-2021-40497

EPSS 0.24%
Published 12.10.2021 15:15:09
Last modified 21.11.2024 06:24:15
Source cna@sap.com
Teams watchlist Login
Open Login

SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Businessobjects Analysis Version420

SAP ≫ Businessobjects Analysis Version430

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.24%	0.439

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3098917

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-40497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40497

EUVD