Privilege Escalation Vulnerability in SAP Commerce by SAP
CVE-2021-40502
8.8 HIGH
What is CVE-2021-40502?
SAP Commerce has a vulnerability that allows an authenticated user to bypass necessary authorization checks, enabling malicious actors to escalate their privileges. This flaw allows them to access and manipulate data related to B2B units they do not belong to, posing significant risks of data exposure and manipulation within the system. Organizations utilizing the affected versions should assess their exposure and implement necessary security measures immediately.
Affected Version(s)
SAP Commerce < 2105.3
SAP Commerce < 2011.13
SAP Commerce < 2005.18