CVE-2021-21467

Опубликовано: 12 янв. 2021

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

Ссылки

https://launchpad.support.sap.com/#/notes/3008422
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
Vendor Advisory
https://launchpad.support.sap.com/#/notes/3008422
Permissions Required
Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:banking_services:-:*:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00105

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-c22m-68hj-67c6

CVSS3: 4.3

github

больше 3 лет назад

SAP Banking Services (Generic Market Data) 400, 450, and 500 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

EPSS

Процентиль: 29%

0.00105

Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-862