Auth bypass in Sap Abap_platform_kernel
CVE-2021-40501
SAP ABAP Platform Kernel (versions 7.77, 7.81, 7.85, 7.86) does not perform the necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify…
Vulnerability class: Broken Access Control
EPSS: 0.007 (49.8th percentile)
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Sap Abap_platform_kernel — versions 7.77, 7.81, 7.85
- Sap Se Abap Platform Kernel — versions < 7.77, < 7.81, < 7.85
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required, x_refsource_MISC, Vendor Advisory)
- cna@sap.com (x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2021-40501?
  - CVE-2021-40501 is a high-severity vulnerability in Sap Abap_platform_kernel, classified under Missing Authorization. CVSS score: 8.1/10. Published 2021-11-10.
- How severe is CVE-2021-40501?
  - High severity. CVSS v3 base score is 8.1 out of 10.