Lucene search

SapVULNRICHMENT:CVE-2023-41365

HistoryOct 10, 2023 - 1:35 a.m.

CVE-2023-41365 Information Disclosure vulnerability in SAP Business One (B1i)

2023-10-1001:35:57

CWE-209

sap

github.com

sap business one

version 10.0

information disclosure

xxe injection

vulnerability

cve-2023-41365

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

References

me.sap.com/notes/3338380

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

6.5

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-41365