CVE-2021-40501

CVE-2021-40501

Vendor Sap Se
Product SAP ABAP Platform Kernel
Weakness CWE-862 · Missing authorization
Published November 10, 2021
Last update August 4, 2024

CVSS base score

What the vulnerability does

01Description

SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system.

Key dates

02Disclosure timeline

November 10, 2021 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE