Vulnerabilities > CVE-2021-38164 - Missing Authorization vulnerability in SAP ERP Financial Accounting

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2021-09-14

Updated: 2021-09-24

Summary

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP ERP Financial Accounting 602 SAP ERP Financial Accounting 603 SAP ERP Financial Accounting 604 SAP ERP Financial Accounting 605 SAP ERP Financial Accounting 606 SAP ERP Financial Accounting 616 SAP ERP Financial Accounting Sap_Fin_-_617 SAP ERP Financial Accounting 618 SAP ERP Financial Accounting 700 SAP ERP Financial Accounting 720 SAP ERP Financial Accounting 730 SAP ERP Financial Accounting Sapscore_-_125 SAP ERP Financial Accounting S4Core SAP ERP Financial Accounting 100 SAP ERP Financial Accounting 101 SAP ERP Financial Accounting 102 SAP ERP Financial Accounting 103 SAP ERP Financial Accounting 104 SAP ERP Financial Accounting 105 SAP ERP Financial Accounting Sap_Appl_-_600	20

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References