Vulnerabilities > SAP > Business ONE > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2021-33662 | Unspecified vulnerability in SAP Business ONE 10.0 Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | 4.4 |
| 2020-06-10 | CVE-2020-6239 | Insufficiently Protected Credentials vulnerability in SAP Business ONE 10.0/9.3 Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | 4.4 |
| 2019-02-15 | CVE-2019-0256 | Unspecified vulnerability in SAP Business ONE 1.2.12 Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2018-09-11 | CVE-2018-2460 | Improper Certificate Validation vulnerability in SAP Business ONE 1.2 SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. | 5.9 |
| 2018-06-12 | CVE-2018-2425 | Unspecified vulnerability in SAP Business ONE 9.2/9.3 Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | 5.5 |
| 2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | 5.4 |