CVE-2021-21486 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sap	CNA	6.8 MEDIUM	NETWORK	HIGH	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Vendor	Product	Version
sap	enterprise_financial_services	1.01
sap	enterprise_financial_services	1.02
sap	enterprise_financial_services	1.03
sap	enterprise_financial_services	1.04
sap	enterprise_financial_services	1.05
sap	enterprise_financial_services	6.00
sap	enterprise_financial_services	6.03
sap	enterprise_financial_services	6.04
sap	enterprise_financial_services	6.05
sap	enterprise_financial_services	6.06
sap	enterprise_financial_services	6.16
sap	enterprise_financial_services	6.17
sap	enterprise_financial_services	6.18
sap	enterprise_financial_services	8.0

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-862 - Missing Authorization
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

References

https://launchpad.support.sap.com/#/notes/3007888

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107

https://launchpad.support.sap.com/#/notes/3007888

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107