8.1

CVE-2021-40501

EPSS 0.18%
Veröffentlicht 10.11.2021 16:15:08
Zuletzt bearbeitet 21.11.2024 06:24:16
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Abap Platform Kernel Version7.77

SAP ≫ Abap Platform Kernel Version7.81

SAP ≫ Abap Platform Kernel Version7.85

SAP ≫ Abap Platform Kernel Version7.86

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.368

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://launchpad.support.sap.com/#/notes/3099776

Vendor Advisory

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-40501

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-40501

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-40501

EUVD