CVE-2021-40502

SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
sapcommerce
1905.34
sapcommerce
2005.18
sapcommerce
2011.13
sapcommerce
2105.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3110328
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864
https://launchpad.support.sap.com/#/notes/3110328
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864