CVE-2021-21468

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.4%
top 38.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business WarehouseSAP Business Warehouse
Timeline
PublishedJan 12
Latest updateMay 24

Description

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_business_warehouse< 710+11
NVDsap/business_warehouse12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-vv8p-qf65-j73w: The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows2022-05-24
CVEList
CVE-2021-21468: The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows2021-01-12
CVE-2021-21468 (MEDIUM CVSS 6.5) | The BW Database Interface does not | cvebase.io