Lucene search

SapCVELIST:CVE-2021-21467

HistoryJan 12, 2021 - 2:41 p.m.

CVE-2021-21467

2021-01-1214:41:45

sap

www.cve.org

sap banking services

authorization

escalation

privileges

gmd

user

unauthorized

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

CNA Affected

[
  {
    "product": "SAP Banking Services (Generic Market Data)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 400"
      },
      {
        "status": "affected",
        "version": "< 450"
      },
      {
        "status": "affected",
        "version": "< 500"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3008422

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2021-21467