medium
5.9
CWE
200
Advisory Published
Updated

CVE-2021-41251: Possibility to elevate privileges or get unauthorized access to data

First published: Fri Nov 05 2021(Updated: )

@sap-cloud-sdk/core contains the core functionality of the SAP Cloud SDK as well as the SAP Business Technology Platform abstractions. This affects applications on SAP Business Technology Platform that use the SAP Cloud SDK and enabled caching of destinations. In affected versions and in some cases, when user information was missing, destinations were cached without user information, allowing other users to retrieve the same destination with its permissions. By default, destination caching is disabled. The security for caching has been increased. The changes are released in version 1.52.0. Users unable to upgrade are advised to disable destination caching (it is disabled by default).

Credit: security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
SAP Cloud SDK<1.52.0

Remedy

https://github.com/SAP/cloud-sdk-js/pull/1769

Remedy

https://github.com/SAP/cloud-sdk-js/pull/1770

Remedy

https://github.com/SAP/cloud-sdk-js/security/advisories/GHSA-gp2f-254m-rh32

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2021-41251?

    CVE-2021-41251 is considered a medium severity vulnerability affecting caching of destinations in the SAP Cloud SDK.

  • How do I fix CVE-2021-41251?

    To mitigate CVE-2021-41251, upgrade to SAP Cloud SDK version 1.52.0 or later.

  • What software is affected by CVE-2021-41251?

    CVE-2021-41251 impacts applications on the SAP Business Technology Platform using versions of SAP Cloud SDK up to 1.52.0.

  • What type of vulnerability is CVE-2021-41251?

    CVE-2021-41251 is a vulnerability related to the caching mechanism in the SAP Cloud SDK.

  • Who should be concerned about CVE-2021-41251?

    Developers and organizations using SAP Cloud SDK for applications within the SAP Business Technology Platform should be concerned about CVE-2021-41251.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203