CVE-2021-40502

Name of the Vulnerable Software and Affected Versions SAP Commerce versions 1905.34, 2005.18, 2011.13, 2105.3

Description The issue results from the lack of necessary authorization checks for authenticated users, leading to escalation of privileges. Authenticated attackers can access and edit data from b2b units they do not belong to.

Recommendations For versions 1905.34, 2005.18, 2011.13, 2105.3, update to a version that includes the necessary authorization checks to prevent escalation of privileges. As a temporary workaround, consider restricting access to sensitive b2b unit data until a patch is available.