Vulnerabilities > SAP > Business ONE

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-31403 Incorrect Authorization vulnerability in SAP Business ONE 10.0
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder.
low complexity
sap CWE-863
8.0
2023-10-10 CVE-2023-41365 XXE vulnerability in SAP Business ONE 10.0
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure.
network
low complexity
sap CWE-611
4.3
2023-08-08 CVE-2023-33993 SQL Injection vulnerability in SAP Business ONE 10.0
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data.
network
high complexity
sap CWE-89
7.5
2023-08-08 CVE-2023-37487 Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Business ONE 10.0
SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application
network
high complexity
sap CWE-497
5.3
2023-08-08 CVE-2023-39437 Cross-site Scripting vulnerability in SAP Business ONE 10.0
SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting.
network
low complexity
sap CWE-79
5.4
2022-09-13 CVE-2022-35292 Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges.
local
low complexity
sap CWE-428
7.8
2022-07-12 CVE-2022-31593 Injection vulnerability in SAP Business ONE 10.0
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application.
network
low complexity
sap CWE-74
8.8
2022-07-12 CVE-2022-32249 Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
network
low complexity
sap CWE-668
7.5
2022-07-12 CVE-2022-35168 XXE vulnerability in SAP Business ONE 10.0
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.
network
low complexity
sap CWE-611
7.5
2022-01-14 CVE-2021-44234 Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
local
low complexity
sap CWE-532
5.5