← Back

CVE-2021-38164

nvd nist
Published: Sep 14, 2021Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.5
Source: NVD

Description

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Affected (20)

Sap
1 product
Erp Financial Accounting
Configuration A
20 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Erp Financial Accounting
Version 100
Erp Financial Accounting
Version 101
Erp Financial Accounting
Version 102
Erp Financial Accounting
Version 103
Erp Financial Accounting
Version 104
Erp Financial Accounting
Version 105
Erp Financial Accounting
Version 602
Erp Financial Accounting
Version 603
Erp Financial Accounting
Version 604
Erp Financial Accounting
Version 605
Erp Financial Accounting
Version 606
Erp Financial Accounting
Version 616
Erp Financial Accounting
Version 618
Erp Financial Accounting
Version 700
Erp Financial Accounting
Version 720
Erp Financial Accounting
Version 730
Erp Financial Accounting
Version s4core
Erp Financial Accounting
Version sap_appl_-_600
Erp Financial Accounting
Version sap_fin_-_617
Erp Financial Accounting
Version sapscore_-_125

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.