Missing Authority Check in SAP CRM Affects System Integrity
CVE-2021-33676

6.8MEDIUM

Key Information:

Vendor: SAP
Status: SAP Crm
Vendor: CVE Published:; 14 July 2021

What is CVE-2021-33676?

A vulnerability exists in SAP CRM versions 700, 701, 702, 712, 713, and 714 due to a missing authority check that allows attackers with high privileges to exploit the system. This can lead to potential risks affecting the confidentiality, integrity, or availability of crucial business data. Organizations using these affected versions should assess their security measures and apply recommended patches promptly to mitigate potential threats.

Affected Version(s)

SAP CRM < 700 < 700

SAP CRM < 701 < 701

SAP CRM < 702 < 702

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3066316

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
May 28, 2021