CVE-2021-21486
First published: Tue Mar 09 2021(Updated: )
SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Enterprise Financial Services | =1.01 | |
| SAP Enterprise Financial Services | =1.02 | |
| SAP Enterprise Financial Services | =1.03 | |
| SAP Enterprise Financial Services | =1.04 | |
| SAP Enterprise Financial Services | =1.05 | |
| SAP Enterprise Financial Services | =6.00 | |
| SAP Enterprise Financial Services | =6.03 | |
| SAP Enterprise Financial Services | =6.04 | |
| SAP Enterprise Financial Services | =6.05 | |
| SAP Enterprise Financial Services | =6.06 | |
| SAP Enterprise Financial Services | =6.16 | |
| SAP Enterprise Financial Services | =6.17 | |
| SAP Enterprise Financial Services | =6.18 | |
| SAP Enterprise Financial Services | =8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-21486?
CVE-2021-21486 is classified as a medium severity vulnerability due to its potential for privilege escalation.
How does CVE-2021-21486 affect SAP Enterprise Financial Services?
CVE-2021-21486 affects SAP Enterprise Financial Services by allowing unauthorized access through insufficient authorization checks for authenticated users.
How do I fix CVE-2021-21486?
To fix CVE-2021-21486, it is recommended to apply the latest security patches released by SAP as specified in their security advisory.
Which versions of SAP Enterprise Financial Services are impacted by CVE-2021-21486?
CVE-2021-21486 affects SAP Enterprise Financial Services versions 1.01 to 8.0.
What types of attacks can CVE-2021-21486 enable?
CVE-2021-21486 can enable attacks that exploit privilege escalation, allowing unauthorized actions by authenticated users.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- agent/author
- agent/source
- vendor/sap
- canonical/sap enterprise financial services
- version/sap enterprise financial services/1.01
- version/sap enterprise financial services/1.02
- version/sap enterprise financial services/1.03
- version/sap enterprise financial services/1.04
- version/sap enterprise financial services/1.05
- version/sap enterprise financial services/6.00
- version/sap enterprise financial services/6.03
- version/sap enterprise financial services/6.04
- version/sap enterprise financial services/6.05
- version/sap enterprise financial services/6.06
- version/sap enterprise financial services/6.16
- version/sap enterprise financial services/6.17
- version/sap enterprise financial services/6.18
- version/sap enterprise financial services/8.0