CVE-2021-38164
MEDIUM
SAP ERP Financial Accounting - Privilege Escalation
Title source: llm
Description
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE - 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network, and once exploited, the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3068582
Scores
CVSS v3: 5.4
EPSS: 0.0013
EPSS Percentile: 31.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Details
CWE: CWE-862
Status: published
Products (20)
sap/erp_financial_accounting 100
sap/erp_financial_accounting 101
sap/erp_financial_accounting 102
sap/erp_financial_accounting 103
sap/erp_financial_accounting 104
sap/erp_financial_accounting 105
sap/erp_financial_accounting 602
sap/erp_financial_accounting 603
sap/erp_financial_accounting 604
sap/erp_financial_accounting 605
... and 10 more
Published: Sep 14, 2021
Tracked Since: Feb 18, 2026