CVE-2021-40501

{"id": "CVE-2021-40501", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2021-11-10T16:15:08.517", "references": [{"url": "https://launchpad.support.sap.com/#/notes/3099776", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=589496864", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business user is able to read and modify data beyond the vulnerable system. However, the attacker can neither significantly reduce the performance of the system nor stop the system."}, {"lang": "es", "value": "SAP ABAP Platform Kernel - versiones 7.77, 7.81, 7.85, 7.86, no lleva a cabo las comprobaciones de autorizaci\u00f3n necesarias para un usuario empresarial autenticado, resultando en una escalada de privilegios. Esto significa que este usuario empresarial es capaz de leer y modificar datos m\u00e1s all\u00e1 del sistema vulnerable. Sin embargo, el atacante no puede reducir significativamente el rendimiento del sistema ni detenerlo"}], "lastModified": "2021-11-12T20:38:45.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36BD4905-9BAE-4AAA-9840-48200191430D"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03CA5653-5E5C-4E9A-B840-65EA3ECEB19E"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B284F5-7F46-4764-8B24-8D4C88E211B8"}, {"criteria": "cpe:2.3:a:sap:abap_platform_kernel:7.86:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04ABF1B3-420D-4181-90B6-A147B35E4112"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}