Vulnerabilities > SAP > Business ONE > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-31403 Incorrect Authorization vulnerability in SAP Business ONE 10.0
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder.
low complexity
sap CWE-863
8.0
2023-08-08 CVE-2023-33993 SQL Injection vulnerability in SAP Business ONE 10.0
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data.
network
high complexity
sap CWE-89
7.5
2022-09-13 CVE-2022-35292 Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges.
local
low complexity
sap CWE-428
7.8
2022-07-12 CVE-2022-31593 Injection vulnerability in SAP Business ONE 10.0
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application.
network
low complexity
sap CWE-74
8.8
2022-07-12 CVE-2022-32249 Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
network
low complexity
sap CWE-668
7.5
2022-07-12 CVE-2022-35168 XXE vulnerability in SAP Business ONE 10.0
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.
network
low complexity
sap CWE-611
7.5
2021-09-15 CVE-2021-33698 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Business ONE 10.0
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.
network
low complexity
sap CWE-434
8.8
2021-09-15 CVE-2021-33700 Improper Authentication vulnerability in SAP Business ONE 10.0
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password.
local
low complexity
sap CWE-287
7.8
2021-09-15 CVE-2021-33704 Missing Authorization vulnerability in SAP Business ONE 10.0
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users.
network
low complexity
sap CWE-862
8.8
2021-05-11 CVE-2021-27614 Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE
SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application.
local
low complexity
sap CWE-74
7.1