CVE-2021-40501

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Published: Nov 10, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-40501
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / abap_platform_kernel	7.81	7.81.x
sap / abap_platform_kernel	7.85	7.85.x
sap / abap_platform_kernel	7.86	7.86.x
sap / abap_platform_kernel	7.77	7.77.x

https://launchpad.support.sap.com/#/notes/3099776
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864

Vulnerability Database

290,020

CVE-2021-40501