PT-2021-21977 · SAP · SAP_APPL +4

Published

2021-09-14

·

Updated

2021-09-24

·

CVE-2021-38164

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: SAP ERP Financial Accounting (report RFOPENPOSTING_FR) in SAP_APPL 600, 602, 603, 604, 605, 606, 616; SAP_FIN 617, 618, 700, 720, 730; SAPSCORE 125; S4CORE 100, 101, 102, 103, 104, 105
Description: The report RFOPENPOSTING_FR does not perform the authorization checks required before executing functions that are meant to be restricted to specific users. Because these functions are reachable over the network by any authenticated user, a registered attacker can invoke them and, on success, view and modify financial accounting data that only the intended users should be able to access.
Recommendations: This entry lists no fixed version; check the SAP security note published for CVE-2021-38164 and apply the corrective note once it is available. Until then, for all affected releases (SAP_APPL 600, 602, 603, 604, 605, 606, 616; SAP_FIN 617, 618, 700, 720, 730; SAPSCORE 125; S4CORE 100, 101, 102, 103, 104, 105) restrict execution of the affected report and its functions to the users who actually need them, remove them from broadly assigned roles, and, where the functions are exposed over the network (typically via RFC), disable that exposure as a temporary workaround. While the workaround is in place, monitor executions of the report by users outside the expected finance roles.
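To make the weakness class concrete, the following ABAP illustration was added for this entry. It is not SAP's code and not the source of RFOPENPOSTING_FR: it is a hypothetical report ZFI_OPEN_POSTING_DEMO whose unchecked form reproduces the missing-authorization pattern, placed beside the gated form. The report name, the choice of the authorization object F_BKPF_BUK and the direct update of BKPF are assumptions made for the illustration only.

```abap
*&---------------------------------------------------------------------*
*& Illustrative report ZFI_OPEN_POSTING_DEMO (hypothetical name).
*& Shows the missing-authorization (CWE-862) pattern and its fix.
*& This is NOT the source of RFOPENPOSTING_FR; SAP's real report and
*& the object its correction checks are not reproduced here.
*&---------------------------------------------------------------------*
REPORT zfi_open_posting_demo.

PARAMETERS: p_bukrs TYPE bukrs   OBLIGATORY,   " company code
            p_belnr TYPE belnr_d OBLIGATORY,   " accounting document number
            p_gjahr TYPE gjahr   OBLIGATORY.   " fiscal year

" Standard SAP activity values: '02' = change, '03' = display
CONSTANTS: c_actvt_change TYPE activ_auth VALUE '02'.

START-OF-SELECTION.
  PERFORM repost_checked.

*----------------------------------------------------------------------*
* Vulnerable pattern: the report assumes that whoever can start it
* (SE38/SA38, a transaction code, a background job or an RFC wrapper)
* is entitled to change FI documents. No AUTHORITY-CHECK is made, so
* any authenticated user who can execute the report reaches the update.
*----------------------------------------------------------------------*
FORM repost_unchecked.
  " Direct table update is for illustration only (assumption); real
  " postings go through the FI posting interfaces, but the missing gate
  " is the same either way.
  UPDATE bkpf SET bktxt = 'REPOSTED'
    WHERE bukrs = p_bukrs
      AND belnr = p_belnr
      AND gjahr = p_gjahr.
  IF sy-subrc = 0.
    COMMIT WORK.
    WRITE: / 'Document', p_belnr, 'in company code', p_bukrs, 'changed.'.
  ELSE.
    WRITE: / 'Document', p_belnr, 'not found.'.
  ENDIF.
ENDFORM.

*----------------------------------------------------------------------*
* Hardened pattern: check the FI document authorization object for the
* requested company code and the "change" activity BEFORE any data is
* touched, and fail closed. F_BKPF_BUK (accounting documents by company
* code) is used as an example of the kind of check the report needs,
* not as the object SAP's fix uses.
*----------------------------------------------------------------------*
FORM repost_checked.
  DATA lv_text TYPE string.

  AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
    ID 'BUKRS' FIELD p_bukrs
    ID 'ACTVT' FIELD c_actvt_change.
  IF sy-subrc <> 0.
    " A failed AUTHORITY-CHECK is recorded by the Security Audit Log when
    " the matching audit filter is active; the E message ends the run.
    CONCATENATE 'No change authorization for company code' p_bukrs
      INTO lv_text SEPARATED BY space.
    MESSAGE lv_text TYPE 'E'.
    RETURN.   " fail closed in contexts where an E message does not abort
  ENDIF.

  PERFORM repost_unchecked.   " the same work, now behind the gate
ENDFORM.
```

The check must sit in the code path that does the work, not only on the selection screen: a remote-enabled function module that wraps the same logic is reached without the report's screen, and S_RFC only decides whether a caller may invoke the function module at all, not what it may do with a given company code's data. That is why restricting who can start the report, as the recommendations above suggest, reduces exposure but does not replace the corrective note.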

Weakness Enumeration

Missing Authorization (CWE-862)

Related Identifiers

CVE-2021-38164

Affected Products

S4CORE
SAP ERP Financial Accounting
SAPSCORE
SAP_APPL
SAP_FIN