Vulnerabilities > SAP > Business ONE
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-31403 | Incorrect Authorization vulnerability in SAP Business ONE 10.0 SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. | 8.0 |
2023-10-10 | CVE-2023-41365 | XXE vulnerability in SAP Business ONE 10.0 SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. | 4.3 |
2023-08-08 | CVE-2023-33993 | SQL Injection vulnerability in SAP Business ONE 10.0 B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. | 7.5 |
2023-08-08 | CVE-2023-37487 | Exposure of System Data to an Unauthorized Control Sphere vulnerability in SAP Business ONE 10.0 SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | 5.3 |
2023-08-08 | CVE-2023-39437 | Cross-site Scripting vulnerability in SAP Business ONE 10.0 SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. | 5.4 |
2022-09-13 | CVE-2022-35292 | Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0 In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. | 7.8 |
2022-07-12 | CVE-2022-31593 | Injection vulnerability in SAP Business ONE 10.0 SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. | 6.5 |
2022-07-12 | CVE-2022-32249 | Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0 Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials) | 7.5 |
2022-07-12 | CVE-2022-35168 | XXE vulnerability in SAP Business ONE 10.0 Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | 5.0 |
2022-01-14 | CVE-2021-44234 | Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | 2.1 |