Lucene search

[email protected]NVD:CVE-2023-41365

HistoryOct 10, 2023 - 2:15 a.m.

CVE-2023-41365

2023-10-1002:15:10

CWE-611

[email protected]

web.nvd.nist.gov

sap business one

xxe injection

information disclosure

confidentiality

integrity

availability

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

Affected configurations

Nvd

Node

sapbusiness_oneMatch10.0

VendorProductVersionCPE
sapbusiness_one10.0cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	business_one	10.0	cpe:2.3:a:sap:business_one:10.0:::::::*

References

me.sap.com/notes/3338380

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

18.6%

JSON

Related for NVD:CVE-2023-41365

cve1 cvelist1 prion1 vulnrichment1