CVE-2021-38164
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < SAP_APPL - 600 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 602 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 603 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 604 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 605 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 606 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 616 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < SAP_FIN - 617 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 618 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 700 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 720 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 730 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < SAPSCORE - 125 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < S4CORE | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 100 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 101 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 102 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 103 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 104 | affected |
| SAP SE | SAP ERP Financial Accounting (RFOPENPOSTING_FR) | < 105 | affected |
Weaknesses
- CWE-862: CWE-862: Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
- https://launchpad.support.sap.com/#/notes/3068582
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
- https://launchpad.support.sap.com/#/notes/3068582
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.