CVE-2021-40501

Published: Nov 10, 2021Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Affected (4)

Products: Sap: Abap Platform Kernel

1 product

Abap Platform Kernel

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Sap Abap Platform Kernel	Version 7.77
Sap Abap Platform Kernel	Version 7.81
Sap Abap Platform Kernel	Version 7.85
Sap Abap Platform Kernel	Version 7.86

Related CWEs

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://launchpad.support.sap.com/#/notes/3099776

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3099776

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.