CVE-2021-40501

EUVD-2021-27677
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
sapabap_platform_kernel
7.77
sapabap_platform_kernel
7.81
sapabap_platform_kernel
7.85
sapabap_platform_kernel
7.86
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3099776
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864
https://launchpad.support.sap.com/#/notes/3099776
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864