Lucene search

SapCVELIST:CVE-2021-38175

HistorySep 14, 2021 - 11:21 a.m.

CVE-2021-38175

2021-09-1411:21:42

sap

www.cve.org

sap analysis

microsoft office

vulnerability

data theft

user interaction

confidentiality

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.

CNA Affected

[
  {
    "product": "SAP Analysis for Microsoft Office",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.8"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3082500

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for CVELIST:CVE-2021-38175