CVE-2021-40502
CVE-2021-40502 affects SAP Commerce versions 2105.3, 2011.13, 2005.18, and 1905.34. The issue stems from missing authorization checks for an authenticated user, enabling privilege escalation to access and edit data from B2B units the user does not belong to. The NVD entry lists CVSS v3.1 base sco...