CVE-2021-38164 is a vulnerability in SAP Erp Financial Accounting
Published on September 14, 2021
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2021-38164 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2021-38164
Want to know whenever a new CVE is published for SAP Erp Financial Accounting? stack.watch will email you.
Affected Versions
SAP SE SAP ERP Financial Accounting (RFOPENPOSTING_FR):- Version < SAP_APPL - 600 is affected.
- Version < 602 is affected.
- Version < 603 is affected.
- Version < 604 is affected.
- Version < 605 is affected.
- Version < 606 is affected.
- Version < 616 is affected.
- Version < SAP_FIN - 617 is affected.
- Version < 618 is affected.
- Version < 700 is affected.
- Version < 720 is affected.
- Version < 730 is affected.
- Version < SAPSCORE - 125 is affected.
- Version < S4CORE is affected.
- Version < 100 is affected.
- Version < 101 is affected.
- Version < 102 is affected.
- Version < 103 is affected.
- Version < 104 is affected.
- Version < 105 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.