CVE-2021-21487

SAP Payment Engine version 500, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
6.8 MEDIUM
ADJACENT_NETWORK
LOW
LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3023778
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107
https://launchpad.support.sap.com/#/notes/3023778
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107