← back
CVE-2021-40501

CVE-2021-40501

EPSS 0.7%CWE-862
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Nov 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.
Affected products
SAP SE · SAP ABAP Platform Kernel

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3099776https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864