{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-21486", "ASSIGNER": "cna@sap.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "SAP SE", "product": { "product_data": [ { "product_name": "SAP Enterprise Financial Services (Bank Customer Accounts)", "version": { "version_data": [ { "version_name": "<", "version_value": "101" }, { "version_name": "<", "version_value": "102" }, { "version_name": "<", "version_value": "103" }, { "version_name": "<", "version_value": "104" }, { "version_name": "<", "version_value": "105" }, { "version_name": "<", "version_value": "600" }, { "version_name": "<", "version_value": "603" }, { "version_name": "<", "version_value": "604" }, { "version_name": "<", "version_value": "605" }, { "version_name": "<", "version_value": "606" }, { "version_name": "<", "version_value": "616" }, { "version_name": "<", "version_value": "617" }, { "version_name": "<", "version_value": "618" }, { "version_name": "<", "version_value": "800" } ] } } ] } } ] } }, "description": { "description_data": [ { "lang": "eng", "value": "SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges." } ] }, "impact": { "cvss": { "baseScore": "6.8", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Missing Authorization check" } ] } ] }, "references": { "reference_data": [ { "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107", "refsource": "MISC", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107" }, { "url": "https://launchpad.support.sap.com/#/notes/3007888", "refsource": "MISC", "name": "https://launchpad.support.sap.com/#/notes/3007888" } ] } }