{"containers":{"cna":{"affected":[{"product":"SAP Enterprise Financial Services (Bank Customer Accounts)","vendor":"SAP SE","versions":[{"status":"affected","version":"< 101"},{"status":"affected","version":"< 102"},{"status":"affected","version":"< 103"},{"status":"affected","version":"< 104"},{"status":"affected","version":"< 105"},{"status":"affected","version":"< 600"},{"status":"affected","version":"< 603"},{"status":"affected","version":"< 604"},{"status":"affected","version":"< 605"},{"status":"affected","version":"< 606"},{"status":"affected","version":"< 616"},{"status":"affected","version":"< 617"},{"status":"affected","version":"< 618"},{"status":"affected","version":"< 800"}]}],"descriptions":[{"lang":"en","value":"SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."}],"metrics":[{"cvssV3_0":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Missing Authorization check","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2021-03-09T14:07:48.000Z","orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"},{"tags":["x_refsource_MISC"],"url":"https://launchpad.support.sap.com/#/notes/3007888"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cna@sap.com","ID":"CVE-2021-21486","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SAP Enterprise Financial Services (Bank Customer Accounts)","version":{"version_data":[{"version_name":"<","version_value":"101"},{"version_name":"<","version_value":"102"},{"version_name":"<","version_value":"103"},{"version_name":"<","version_value":"104"},{"version_name":"<","version_value":"105"},{"version_name":"<","version_value":"600"},{"version_name":"<","version_value":"603"},{"version_name":"<","version_value":"604"},{"version_name":"<","version_value":"605"},{"version_name":"<","version_value":"606"},{"version_name":"<","version_value":"616"},{"version_name":"<","version_value":"617"},{"version_name":"<","version_value":"618"},{"version_name":"<","version_value":"800"}]}}]},"vendor_name":"SAP SE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP Enterprise Financial Services versions, 101, 102, 103, 104, 105, 600, 603, 604, 605, 606, 616, 617, 618, 800, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."}]},"impact":{"cvss":{"baseScore":"6.8","vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Missing Authorization check"}]}]},"references":{"reference_data":[{"name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107","refsource":"MISC","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"},{"name":"https://launchpad.support.sap.com/#/notes/3007888","refsource":"MISC","url":"https://launchpad.support.sap.com/#/notes/3007888"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T18:16:23.023Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=571343107"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://launchpad.support.sap.com/#/notes/3007888"}]}]},"cveMetadata":{"assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","cveId":"CVE-2021-21486","datePublished":"2021-03-09T14:07:48.000Z","dateReserved":"2020-12-30T00:00:00.000Z","dateUpdated":"2024-08-03T18:16:23.023Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}