Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2021-40502

SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.

  • Published: Nov 10, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-40502
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

Software From Fixed in
sap / commerce 2105.3 2105.3.x
sap / commerce 2011.13 2011.13.x
sap / commerce 2005.18 2005.18.x
sap / commerce 1905.34 1905.34.x