Lucene search

SapCVELIST:CVE-2021-33685

HistorySep 14, 2021 - 11:21 a.m.

CVE-2021-33685

2021-09-1411:21:56

sap

www.cve.org

sap business one

file system traversal

sensitive data access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.8%

JSON

SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data

CNA Affected

[
  {
    "product": "SAP Business One",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 10.0"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3069032

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

46.8%

JSON

Related for CVELIST:CVE-2021-33685