Vulnerability Details : CVE-2021-41251

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).
Published 2021-11-05 23:15:09
Updated 2021-11-15 16:31:27
Source GitHub, Inc.
View at NVD,   CVE.org
Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2021-41251

Probability of exploitation activity in the next 30 days: 0.17%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 54 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-41251

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
2.6
 LOW AV:N/AC:H/Au:N/C:P/I:N/A:N
4.9
2.9
 NIST
5.9
 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.2
3.6
 GitHub, Inc.

CWE ids for CVE-2021-41251

References for CVE-2021-41251

Products affected by CVE-2021-41251

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close