CVE-2021-21467
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Banking Services (Generic Market Data) | < 400 | affected |
| SAP SE | SAP Banking Services (Generic Market Data) | < 450 | affected |
| SAP SE | SAP Banking Services (Generic Market Data) | < 500 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
- https://launchpad.support.sap.com/#/notes/3008422
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
- https://launchpad.support.sap.com/#/notes/3008422
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.