Privilege Escalation in SAP Banking Services: Unauthorized Access to Restricted Market Data

CVE-2021-21467 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SAP Banking Services (Generic Market Data) does not perform the necessary authorization checks for an authenticated user, resulting in escalation of privileges. Because of this improper authorization check, an unauthorized user is allowed to display restricted Business Partner Generic Market Data (GMD).
