cnvd-2021-17205
Vulnerability from cnvd
Title
SAP Payment Engine权限提升漏洞
Description
SAP Payment Engine是德国思爱普(SAP)公司的一个应用软件。提供一个简化中央平台上的端到端支付处理功能。 SAP Payment Engine 500版本存在安全漏洞,攻击者可利用该漏洞执行必要的授权检查,导致权限升级。
Severity
Patch Name
SAP Payment Engine权限提升漏洞的补丁
Patch Description
SAP Payment Engine是德国思爱普(SAP)公司的一个应用软件。提供一个简化中央平台上的端到端支付处理功能。 SAP Payment Engine 500版本存在安全漏洞,攻击者可利用该漏洞执行必要的授权检查,导致权限升级。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: https://launchpad.support.sap.com/#/notes/3023778

Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-21487
Impacted products
Name
SAP SAP Payment Engine 500
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-21487",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-21487"
    }
  },
  "description": "SAP Payment Engine\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e00\u4e2a\u7b80\u5316\u4e2d\u592e\u5e73\u53f0\u4e0a\u7684\u7aef\u5230\u7aef\u652f\u4ed8\u5904\u7406\u529f\u80fd\u3002\n\nSAP Payment Engine 500\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5fc5\u8981\u7684\u6388\u6743\u68c0\u67e5\uff0c\u5bfc\u81f4\u6743\u9650\u5347\u7ea7\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://launchpad.support.sap.com/#/notes/3023778",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-17205",
  "openTime": "2021-03-13",
  "patchDescription": "SAP Payment Engine\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u5e94\u7528\u8f6f\u4ef6\u3002\u63d0\u4f9b\u4e00\u4e2a\u7b80\u5316\u4e2d\u592e\u5e73\u53f0\u4e0a\u7684\u7aef\u5230\u7aef\u652f\u4ed8\u5904\u7406\u529f\u80fd\u3002\r\n\r\nSAP Payment Engine 500\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5fc5\u8981\u7684\u6388\u6743\u68c0\u67e5\uff0c\u5bfc\u81f4\u6743\u9650\u5347\u7ea7\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Payment Engine\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "SAP SAP Payment Engine 500"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-21487",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-10",
  "title": "SAP Payment Engine\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.