CVE-2021-40501

Severity
8.1 HIGH
EPSS
0.2%
top 60.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 10
Latest update May 24

Description

SAP ABAP Platform Kernel, versions 7.77, 7.81, 7.85 and 7.86, does not perform the necessary authorization checks for an authenticated business user, resulting in escalation of privileges. This means the business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages
2 packages

NVD | sap/abap_platform_kernel | 4 versions +3

Vulnerability Details

2
GHSA
GHSA-wh2j-mxwv-765p: SAP ABAP Platform Kernel - versions 7
2022-05-24
CVEList
CVE-2021-40501: SAP ABAP Platform Kernel - versions 7
2021-11-10
CVE-2021-40501 (HIGH CVSS 8.1) | SAP ABAP Platform Kernel - versions | cvebase.io