CVE-2021-21486

{"id": "CVE-2021-21486", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2021-03-09T15:15:14.960", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3007888", "tags": ["Permissions Required", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://launchpad.support.sap.com/#/notes/3007888", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."}, {"lang": "es", "value": "SAP Enterprise Financial Services versiones , 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, no llevan a cabo unas comprobaciones de autorizaci\u00f3n necesarias para un usuario autenticado, resultando en una escalada de privilegios"}], "lastModified": "2024-11-21T05:48:28.227", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:enterprise_financial_services:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9939E6A3-772B-4A12-925C-24B16F71AC16"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:1.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D909C83-6FE7-4AB9-9B11-7EC33EDDDA0F"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:1.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50D6020F-911D-4097-9797-51BFF66A71D1"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:1.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93CC1703-9D38-4390-9ED8-64B7640EFE92"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:1.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9736A35F-6BFC-46AB-8C97-0872E1459C34"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CD7494-50B3-4167-90E8-5F9671E4C315"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9217EEF-D896-49B1-B083-EA9A27B50255"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94D6D8B8-BE7E-4AC3-BE30-1870A37A37FD"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "513796F8-CD90-4FC0-B7EE-1D820302064D"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7E8169B-7F3C-4EAE-AE16-699474C5C8D1"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.16:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A189AED2-ACA6-45EC-94D0-02FF4E8E6496"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.17:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "409525B0-4027-4102-A040-B19E9CFD9247"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:6.18:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71487B12-23A2-4159-8EE8-43CE3C8222B2"}, {"criteria": "cpe:2.3:a:sap:enterprise_financial_services:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE7D301-0978-4914-A776-B05500740CE4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}