CVE-2021-38164

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Published: Sep 14, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-38164
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / erp_financial_accounting	602	602.x
sap / erp_financial_accounting	603	603.x
sap / erp_financial_accounting	604	604.x
sap / erp_financial_accounting	605	605.x
sap / erp_financial_accounting	606	606.x
sap / erp_financial_accounting	616	616.x
sap / erp_financial_accounting	sap_fin_-_617	sap_fin_-_617.x
sap / erp_financial_accounting	618	618.x
sap / erp_financial_accounting	700	700.x
sap / erp_financial_accounting	720	720.x
sap / erp_financial_accounting	730	730.x
sap / erp_financial_accounting	sapscore_-_125	sapscore_-_125.x
sap / erp_financial_accounting	s4core	s4core.x
sap / erp_financial_accounting	100	100.x
sap / erp_financial_accounting	101	101.x
sap / erp_financial_accounting	102	102.x
sap / erp_financial_accounting	103	103.x
sap / erp_financial_accounting	104	104.x
sap / erp_financial_accounting	105	105.x
sap / erp_financial_accounting	sap_appl_-_600	sap_appl_-_600.x

Vulnerability Database

290,273

CVE-2021-38164