SAP

Business One

34 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.35%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:10:51

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

  • EPSS 0.28%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:06:00

Under special integration scenario of SAP Business One and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials).

  • EPSS 0.74%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:04:48

SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

  • EPSS 0.06%
  • Published 14.01.2022 20:15:12
  • Last modified 21.11.2024 06:30:39

SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

  • EPSS 0.12%
  • Published 14.12.2021 16:15:09
  • Last modified 21.11.2024 06:27:10

SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploi...

  • EPSS 0.34%
  • Published 12.10.2021 15:15:08
  • Last modified 21.11.2024 06:16:34

Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.

  • EPSS 1.82%
  • Published 12.10.2021 15:15:08
  • Last modified 21.11.2024 06:16:34

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but o...

  • EPSS 0.22%
  • Published 15.09.2021 19:15:09
  • Last modified 21.11.2024 06:09:24

The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledg...

  • EPSS 0.04%
  • Published 15.09.2021 19:15:09
  • Last modified 21.11.2024 06:09:23

SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the at...

  • EPSS 0.3%
  • Published 15.09.2021 19:15:09
  • Last modified 21.11.2024 06:09:23

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.