VDB
CVE-2021-21468
CVE-2021-21468
PUBLISHED
CVSS 6.5 MEDIUM
The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table.
EPSS 0.45% · 64.0th percentile
Risk Scores
CVSS 3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.45%
64.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP Business Warehouse | < 710, < 711, < 730 |
| sap | business_warehouse | 710, 740, 750 |
Timeline
- Jan 12, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 advisory
- https://launchpad.support.sap.com/#/notes/2986980 url
- 20220518 SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP Application Server, ABAP and ABAP Platform (Different Software Components) mailing-list
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html url
- https://nvd.nist.gov/vuln/detail/CVE-2021-21468 advisory
- https://i7p.wdf.sap.corp/sap/support/notes/2986980 url