Vulnerabilities > SAP > Business ONE > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-31403 | Incorrect Authorization vulnerability in SAP Business ONE 10.0 SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. | 8.0 |
| 2023-08-08 | CVE-2023-33993 | SQL Injection vulnerability in SAP Business ONE 10.0 B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. | 7.5 |
| 2022-09-13 | CVE-2022-35292 | Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0 In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. | 7.8 |
| 2022-07-12 | CVE-2022-32249 | Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0 Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials) | 7.5 |
| 2021-05-11 | CVE-2021-27616 | Unspecified vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. | 7.2 |