CVE-2021-40501

Summary

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ABAP Platform Kernel< 7.77affected
SAP SESAP ABAP Platform Kernel< 7.81affected
SAP SESAP ABAP Platform Kernel< 7.85affected
SAP SESAP ABAP Platform Kernel< 7.86affected

Weaknesses

  • CWE-862: CWE-862

ADP Enrichment

CVE Program Container

Additional References

References