CVE-2021-21467

Summary

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Banking Services (Generic Market Data)< 400affected
SAP SESAP Banking Services (Generic Market Data)< 450affected
SAP SESAP Banking Services (Generic Market Data)< 500affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References