5 matches found

CVE
added 2022/07/12 9:15 p.m., 96 views

CVE-2022-31593

SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

CVSS 8.8, AI score 8.6, EPSS 0.00511

CVE
added 2022/07/12 9:15 p.m., 60 views

CVE-2022-32249

Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials)

CVSS 7.5, AI score 7.3, EPSS 0.00348

CVE
added 2022/09/13 4:15 p.m., 48 views

CVE-2022-35292

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gai...

CVSS 7.8, AI score 8.2, EPSS 0.00064

CVE
added 2022/01/14 8:15 p.m., 46 views

CVE-2021-44234

SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

CVSS 5.5, AI score 5.3, EPSS 0.0006

CVE
added 2022/07/12 9:15 p.m., 45 views

CVE-2022-35168

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

CVSS 7.5, AI score 7.4, EPSS 0.00349