Vulnerability CVE-2021-40501


Published: 2021-11-10

Description:
SAP ABAP Platform Kernel, versions 7.77, 7.81, 7.85 and 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. This means the business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Type:
CWE-862 (Missing Authorization)

CVSS2 => (AV:N/AC:L/Au:S/C:P/I:P/A:N)

CVSS Base Score: 5.5/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None
Affected software
SAP -> Abap platform kernel 

 References:
https://launchpad.support.sap.com/#/notes/3099776
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864

Copyright 2022, cxsecurity.com

 
