CVE-2021-21468

Summary

The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Warehouse< 710affected
SAP SESAP Business Warehouse< 711affected
SAP SESAP Business Warehouse< 730affected
SAP SESAP Business Warehouse< 731affected
SAP SESAP Business Warehouse< 740affected
SAP SESAP Business Warehouse< 750affected
SAP SESAP Business Warehouse< 751affected
SAP SESAP Business Warehouse< 752affected
SAP SESAP Business Warehouse< 753affected
SAP SESAP Business Warehouse< 754affected
SAP SESAP Business Warehouse< 755affected
SAP SESAP Business Warehouse< 782affected

Weaknesses

  • Missing Authorization check

ADP Enrichment

CVE Program Container

Additional References

References