Lucene search

SapCVELIST:CVE-2023-37487

HistoryAug 08, 2023 - 12:42 a.m.

CVE-2023-37487 Security misconfiguration vulnerability in SAP Business One (Service Layer)

2023-08-0800:42:16

CWE-200

sap

www.cve.org

cve-2023-37487

sap business one

security misconfiguration

service layer

network access

confidentiality impact

integrity impact

application availability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Business One (Service Layer)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

me.sap.com/notes/3333616

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.3%

JSON

Related for CVELIST:CVE-2023-37487