VYPR
Unrated severityNVD Advisory· Published Nov 10, 2021· Updated Aug 4, 2024

CVE-2021-40502

CVE-2021-40502

Description

SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access and edit data from b2b units they do not belong to.

Affected products

2
  • Range: 2105.3, 2011.13, 2005.18, 1905.34
  • SAP SE/SAP Commercev5
    Range: < 2105.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.