What is the severity of CVE-2021-38164?

CVE-2021-38164 has been rated as medium severity due to its potential to allow unauthorized access to restricted functions.

How do I fix CVE-2021-38164?

To fix CVE-2021-38164, update your SAP ERP Financial Accounting software to the latest patched version provided by SAP.

Which versions of SAP ERP Financial Accounting are affected by CVE-2021-38164?

CVE-2021-38164 affects multiple versions including SAP_APPL 600 to 616, SAP_FIN 617 to 730, and specific S4CORE versions.

Can CVE-2021-38164 be exploited remotely?

Yes, CVE-2021-38164 can be exploited remotely by a registered attacker to invoke restricted functions.

What type of vulnerability is CVE-2021-38164?

CVE-2021-38164 is a software vulnerability that allows unauthorized access to certain functions within SAP ERP Financial Accounting.

Vulnerability/
CVE-2021-38164

medium

5.5

CWE

862

14/9/2021

4/8/2024

CVE-2021-38164

First published: Tue Sep 14 2021(Updated: )

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP ERP	=100
SAP ERP	=101
SAP ERP	=102
SAP ERP	=103
SAP ERP	=104
SAP ERP	=105
SAP ERP	=602
SAP ERP	=603
SAP ERP	=604
SAP ERP	=605
SAP ERP	=606
SAP ERP	=616
SAP ERP	=618
SAP ERP	=700
SAP ERP	=720
SAP ERP	=730
SAP ERP	=s4core
SAP ERP	=sap_appl_-_600
SAP ERP	=sap_fin_-_617
SAP ERP	=sapscore_-_125

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-38164?
CVE-2021-38164 has been rated as medium severity due to its potential to allow unauthorized access to restricted functions.
How do I fix CVE-2021-38164?
To fix CVE-2021-38164, update your SAP ERP Financial Accounting software to the latest patched version provided by SAP.
Which versions of SAP ERP Financial Accounting are affected by CVE-2021-38164?
CVE-2021-38164 affects multiple versions including SAP_APPL 600 to 616, SAP_FIN 617 to 730, and specific S4CORE versions.
Can CVE-2021-38164 be exploited remotely?
Yes, CVE-2021-38164 can be exploited remotely by a registered attacker to invoke restricted functions.
What type of vulnerability is CVE-2021-38164?
CVE-2021-38164 is a software vulnerability that allows unauthorized access to certain functions within SAP ERP Financial Accounting.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/author
agent/last-modified-date
agent/weakness
agent/event
agent/description
agent/first-publish-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sap
canonical/sap erp
version/sap erp/100
version/sap erp/101
version/sap erp/102
version/sap erp/103
version/sap erp/104
version/sap erp/105
version/sap erp/602
version/sap erp/603
version/sap erp/604
version/sap erp/605
version/sap erp/606
version/sap erp/616
version/sap erp/618
version/sap erp/700
version/sap erp/720
version/sap erp/730
version/sap erp/s4core
version/sap erp/sap_appl_-_600
version/sap erp/sap_fin_-_617
version/sap erp/sapscore_-_125

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.