A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the system.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/3066316 | Permissions Required |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
16 Jul 2021, 16:19
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
| CPE | cpe:2.3:a:sap:customer_relationship_management:713:*:*:*:*:*:*:* cpe:2.3:a:sap:customer_relationship_management:712:*:*:*:*:*:*:* cpe:2.3:a:sap:customer_relationship_management:700:*:*:*:*:*:*:* cpe:2.3:a:sap:customer_relationship_management:702:*:*:*:*:*:*:* cpe:2.3:a:sap:customer_relationship_management:714:*:*:*:*:*:*:* cpe:2.3:a:sap:customer_relationship_management:701:*:*:*:*:*:*:* |
|
| CWE | CWE-862 | |
| References | (MISC) https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 - Vendor Advisory | |
| References | (MISC) https://launchpad.support.sap.com/#/notes/3066316 - Permissions Required |
14 Jul 2021, 12:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-07-14 12:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-33676
Mitre link : CVE-2021-33676
CVE.ORG link : CVE-2021-33676
JSON object : View
Products Affected
sap
- customer_relationship_management
CWE
CWE-862
Missing Authorization