CVE-2021-44233

Published: Dec 14, 2021Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.

Affected (3)

Products: Sap: Access Control

Sap

1 product

Access Control

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Sap Access Control	Version v1100_700
Sap Access Control	Version v1100_731
Sap Access Control	Version v1200_750

Related CWEs

CWE-862

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

https://launchpad.support.sap.com/#/notes/3080816

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3080816

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.