CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-21470

SAP EPM Add-in for Microsoft Office, version - 1010 and SAP EPM Add-in for SAP Analysis Office, version - 2.8, allows an authenticated attacker with user privileges to parse malicious XML files which could result in XXE-based attacks in applications that accept attacker-controlled XML configuration files. This occurs as logging service does not disable XML external entities when parsing configuration files and a successful exploit would result in limited impact on integrity and availability of the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.3%

CVSS Severity

CVSS v3 Score 3.6

CVSS v2 Score 3.6

References

https://launchpad.support.sap.com/#/notes/3000291
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
https://launchpad.support.sap.com/#/notes/3000291
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476

Products affected by CVE-2021-21470

Sap » Enterprise Performance Management » Version: 1010

cpe:2.3:a:sap:enterprise_performance_management:1010
Sap » Enterprise Performance Management » Version: 2.8

cpe:2.3:a:sap:enterprise_performance_management:2.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21470

Products

Pricing

Contact Us