CVE-2021-21486

Summary

SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 101affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 102affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 103affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 104affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 105affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 600affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 603affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 604affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 605affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 606affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 616affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 617affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 618affected
SAP SESAP Enterprise Financial Services (Bank Customer Accounts)< 800affected

Weaknesses

  • Missing Authorization check

ADP Enrichment

CVE Program Container

Additional References

References