Vulnerabilities > CVE-2023-31403 - Incorrect Authorization vulnerability in SAP Business ONE 10.0

CVSS 8.0 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

low complexity

sap

CWE-863

NVD

Published: 2023-11-14

Updated: 2024-09-28

Summary

SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Business ONE 10.0	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://me.sap.com/notes/3355658
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html