Auth bypass in SAP ABAP Platform Kernel

CVE-2021-40501

SAP ABAP Platform Kernel, versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify…

Vulnerability class: Broken Access Control

EPSS: 0.007 (49.8th percentile).

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Weakness classification (CWE)

References

  • cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
  • cna@sap.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2021-40501?
CVE-2021-40501 is a high-severity vulnerability in SAP ABAP Platform Kernel, classified under Missing Authorization. CVSS score: 8.1/10. Published 2021-11-10.

How severe is CVE-2021-40501?
High severity. CVSS v3 base score is 8.1 out of 10.