Lucene search

[email protected]NVD:CVE-2021-21467

HistoryJan 12, 2021 - 3:15 p.m.

CVE-2021-21467

2021-01-1215:15:16

CWE-862

[email protected]

web.nvd.nist.gov

sap banking services

authorization checks

escalation of privileges

generic market data

gmd

improper authorization

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

Affected configurations

Nvd

Node

sapbanking_servicesMatch-

VendorProductVersionCPE
sapbanking_services-cpe:2.3:a:sap:banking_services:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	banking_services	-	cpe:2.3:a:sap:banking_services:-:::::::*

References

launchpad.support.sap.com/#/notes/3008422

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2021-21467

cve1 prion1 cvelist1