Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.
[
{
"defaultStatus": "unaffected",
"product": "SAP Business One License service API",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "10.0"
}
]
}
]