The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2022/May/42 | Exploit Mailing List Third Party Advisory |
https://launchpad.support.sap.com/#/notes/2986980 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2021-01-12 15:15
Updated : 2024-02-28 18:08
NVD link : CVE-2021-21468
Mitre link : CVE-2021-21468
CVE.ORG link : CVE-2021-21468
JSON object : View
Products Affected
sap
- business_warehouse
CWE
CWE-862
Missing Authorization