CVE-2021-21467

Description

SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.

CVSS Version 3.1
CVSS Version 3.0
CVSS Version 2.0

nvd
CVE ID: CVE-2021-21467
Base Score: 4.3
Base Severity: MEDIUM
Vector String:CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Impact Score: 1.4
Exploitability Score: 2.8

sap
CVE ID: CVE-2021-21467
Base Score: 4.3
Base Severity: MEDIUM
Vector String:CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

nvd
CVE ID: CVE-2021-21467
Base Score: 4.0
Base Severity: MEDIUM
Vector String:AV:N/AC:L/Au:S/C:P/I:N/A:N

Refrence: NVD MITRE

Description​

Description