CVE-2021-38175
MEDIUMSAP Analysis for Microsoft Office <2.8 - Info Disclosure
Title source: llmDescription
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3082500
Scores
CVSS v3
6.5
EPSS
0.0023
EPSS Percentile
45.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Details
Status
published
Products (1)
sap/analysis_for_microsoft_office
2.8
Published
Sep 14, 2021
Tracked Since
Feb 18, 2026