CVE-2021-38175 MEDIUM

CVE-2021-38175

Vendor Sap Se
Product SAP Analysis for Microsoft Office
Published September 14, 2021
Last update August 4, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.

Key dates

02Disclosure timeline

September 14, 2021 CVE published
August 4, 2024 Record updated