← back
CVE-2021-21467

CVE-2021-21467

CVSS 4.3 MEDIUMEPSS 0.8%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Jan 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP SE · SAP Banking Services (Generic Market Data)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3008422https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476