Vulnerability Details : CVE-2021-21467
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.
Exploit prediction scoring system (EPSS) score for CVE-2021-21467
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 %
CVSS scores for CVE-2021-21467
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N | 8.0 | 2.9 | NIST |
4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | SAP SE |
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST |
CWE ids for CVE-2021-21467
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-21467
- https://launchpad.support.sap.com/#/notes/3008422
  SAP ONE Support Launchpad: Log On [Permissions Required; Vendor Advisory]
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
  SAP Security Patch Day – January 2021 - Product Security Response at SAP - Community Wiki [Vendor Advisory]
Products affected by CVE-2021-21467
- cpe:2.3:a:sap:banking_services:-:*:*:*:*:*:*:*