CVE-2021-38164

MEDIUM | CVSS 5.4/10 | EPSS 0.47%

CVE-2021-38164 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.

Metrics

CVSS 3.1
5.4/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Probability
0.47%

36.9th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Version
SAP | ERP Financial Accounting | 100
SAP | ERP Financial Accounting | 101
SAP | ERP Financial Accounting | 102
SAP | ERP Financial Accounting | 103
SAP | ERP Financial Accounting | 104
SAP | ERP Financial Accounting | 105
SAP | ERP Financial Accounting | 602
SAP | ERP Financial Accounting | 603
SAP | ERP Financial Accounting | 604
SAP | ERP Financial Accounting | 605
SAP | ERP Financial Accounting | 606
SAP | ERP Financial Accounting | 616
SAP | ERP Financial Accounting | 618
SAP | ERP Financial Accounting | 700
SAP | ERP Financial Accounting | 720
SAP | ERP Financial Accounting | 730
SAP | ERP Financial Accounting | s4core
SAP | ERP Financial Accounting | sap_appl_-_600
SAP | ERP Financial Accounting | sap_fin_-_617
SAP | ERP Financial Accounting | sapscore_-_125

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2021-38164?
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
How severe is CVE-2021-38164?
CVE-2021-38164 has a CVSS score of 5.4/10 (MEDIUM severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.
How do I fix CVE-2021-38164?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST