{"api_version":"1","generated_at":"2026-04-22T23:31:40+00:00","cve":"CVE-2021-21467","urls":{"html":"https://cve.report/CVE-2021-21467","api":"https://cve.report/api/cve/CVE-2021-21467.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-21467","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-21467"},"summary":{"title":"CVE-2021-21467","description":"SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.","state":"PUBLIC","assigner":"cna@sap.com","published_at":"2021-01-12 15:15:00","updated_at":"2022-10-06 20:39:00"},"problem_types":["CWE-862"],"metrics":[],"references":[{"url":"https://launchpad.support.sap.com/#/notes/3008422","name":"https://launchpad.support.sap.com/#/notes/3008422","refsource":"MISC","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476","name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476","refsource":"MISC","tags":["Vendor Advisory"],"title":"SAP Security Patch Day – January 2021 - Product Security Response at SAP - Community Wiki","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-21467","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21467","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"400","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"450","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"500","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"400","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"450","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"21467","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"banking_services","cpe6":"500","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-21467","ASSIGNER":"cna@sap.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"SAP SE","product":{"product_data":[{"product_name":"SAP Banking Services (Generic Market Data)","version":{"version_data":[{"version_name":"<","version_value":"400"},{"version_name":"<","version_value":"450"},{"version_name":"<","version_value":"500"}]}}]}}]}},"description":{"description_data":[{"lang":"eng","value":"SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check."}]},"impact":{"cvss":{"baseScore":"4.3","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Missing Authorization Check"}]}]},"references":{"reference_data":[{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476","refsource":"MISC","name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476"},{"url":"https://launchpad.support.sap.com/#/notes/3008422","refsource":"MISC","name":"https://launchpad.support.sap.com/#/notes/3008422"}]}},"nvd":{"publishedDate":"2021-01-12 15:15:00","lastModifiedDate":"2022-10-06 20:39:00","problem_types":["CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:sap:banking_services:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"21467","Ordinal":"195821","Title":"CVE-2021-21467","CVE":"CVE-2021-21467","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"21467","Ordinal":"1","NoteData":"SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"21467","Ordinal":"2","NoteData":"2021-01-12","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"21467","Ordinal":"3","NoteData":"2021-02-11","Type":"Other","Title":"Modified"}]}}}