Vulnerabilities > SAP > Business ONE > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2021-44234 | Information Exposure Through Log Files vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | 2.1 |
| 2021-12-14 | CVE-2021-42066 | Cleartext Storage of Sensitive Information vulnerability in SAP Business ONE 10.0 SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. | 3.5 |
| 2021-06-09 | CVE-2021-33662 | Information Exposure vulnerability in SAP Business ONE 10.0 Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | 2.1 |
| 2021-05-11 | CVE-2021-27614 | Injection vulnerability in SAP Business-One-Hana-Chef-Cookbook and Business ONE SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. | 3.6 |
| 2020-06-10 | CVE-2020-6239 | Information Exposure vulnerability in SAP Business ONE 10.0/9.3 Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | 2.1 |
| 2019-02-15 | CVE-2019-0256 | Unspecified vulnerability in SAP Business ONE 1.2.12 Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 2.1 |
| 2018-06-12 | CVE-2018-2425 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 2.1 |
| 2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | 3.5 |