CVE-2021-38175
6.5 MEDIUMSAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gat...
Published: 2021-09-14 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 6.5 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
| Vendor | Product |
|---|---|
| sap | analysis_for_microsoft_office |
Description
SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user interaction. The attack would not lead to an impact on the availability of the system, but there would be an impact on integrity and confidentiality.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38175
- [Other]https://launchpad.support.sap.com/#/notes/3082500
- [Vendor advisory]https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
- [Other]https://launchpad.support.sap.com/#/notes/3082500
- [Vendor advisory]https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Related CVEs
Same vendor
- CVE-2026-27680 — Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascad... (3.1 LOW)
- CVE-2026-40135 — An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authentica... (6.5 MEDIUM)
- CVE-2026-27682 — Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Serv... (4.7 MEDIUM)
- CVE-2026-34257 — Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL tha... (6.1 MEDIUM)
- CVE-2026-27674 — Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could suppl... (6.1 MEDIUM)