CVE-2021-40501

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:abap_platform_kernel:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform_kernel:7.81:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform_kernel:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform_kernel:7.86:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-11-10 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-40501

Mitre link : CVE-2021-40501

CVE.ORG link : CVE-2021-40501


JSON object : View

Products Affected

sap

  • abap_platform_kernel
CWE
CWE-862

Missing Authorization