CVE-2021-21486
HIGH
SAP Enterprise Financial Services 101-105, 600-606, 616-618, 800 - Authenticated Privilege Escalation
SAP Enterprise Financial Services versions 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618 and 800 do not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges.
References (2)
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/3007888
Scores
CVSS v3: 8.8
EPSS: 0.0015
EPSS Percentile: 34.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-862
Status: published
Products (14)
sap/enterprise_financial_services 1.01
sap/enterprise_financial_services 1.02
sap/enterprise_financial_services 1.03
sap/enterprise_financial_services 1.04
sap/enterprise_financial_services 1.05
sap/enterprise_financial_services 6.00
sap/enterprise_financial_services 6.03
sap/enterprise_financial_services 6.04
sap/enterprise_financial_services 6.05
sap/enterprise_financial_services 6.06
... and 4 more
Published: Mar 09, 2021
Tracked Since: Feb 18, 2026