Authorization Flaw in SAP ABAP Platform Kernel Affects Multiple Versions
CVE-2021-40501

8.1HIGH

Key Information:

Vendor: SAP
Status: SAP Abap Platform Kernel
Vendor: CVE Published:; 10 November 2021

What is CVE-2021-40501?

The SAP ABAP Platform Kernel, specifically in versions 7.77, 7.81, 7.85, and 7.86, contains a vulnerability that allows authenticated business users to bypass necessary authorization checks. This flaw enables these users to access and modify sensitive data that they should not have permissions for, potentially leading to unauthorized information disclosure. The vulnerability does not directly impact system performance or availability.

Affected Version(s)

SAP ABAP Platform Kernel < 7.77 < 7.77

SAP ABAP Platform Kernel < 7.81 < 7.81

SAP ABAP Platform Kernel < 7.85 < 7.85

References

https://launchpad.support.sap.com/#/notes/3099776

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2021
Vulnerability Reserved
Sep 3, 2021