Vulnerabilities > SAP > Business ONE > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-31403 Incorrect Authorization vulnerability in SAP Business ONE 10.0
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder.
low complexity
sap CWE-863
8.0
2023-08-08 CVE-2023-33993 SQL Injection vulnerability in SAP Business ONE 10.0
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data.
network
high complexity
sap CWE-89
7.5
2022-09-13 CVE-2022-35292 Unquoted Search Path or Element vulnerability in SAP Business ONE 10.0
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges.
local
low complexity
sap CWE-428
7.8
2022-07-12 CVE-2022-32249 Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)
network
low complexity
sap CWE-668
7.5
2021-05-11 CVE-2021-27616 Unspecified vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.
local
low complexity
sap
7.2