cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-31403,https://securityvulnerability.io/vulnerability/CVE-2023-31403,Improper Access Control vulnerability in SAP Business One product installation,"The SAP Business One installation version 10.0 lacks proper authentication and authorization checks for SMB shared folders, allowing malicious users to gain unauthorized access. This vulnerability permits these users to read and write files within the shared folder, significantly compromising the confidentiality, integrity, and availability of sensitive data. The potential for execution or misuse of files during the installation process poses additional risks, emphasizing the need for immediate remediation.",SAP,SAP Business One,8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2023-11-14T01:15:00.000Z,0
CVE-2023-41365,https://securityvulnerability.io/vulnerability/CVE-2023-41365,Information Disclosure vulnerability in SAP Business One (B1i),"SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.",SAP,SAP Business One (b1i),4.3,MEDIUM,0.0005300000193528831,false,false,false,false,,false,false,2023-10-10T02:15:00.000Z,0
CVE-2023-33993,https://securityvulnerability.io/vulnerability/CVE-2023-33993,SQL Injection vulnerability in SAP Business One B1i Layer,"The B1i module of SAP Business One version 10.0 is susceptible to SQL injection, allowing an authenticated user with in-depth knowledge of the application to execute crafted SQL queries over the network. This vulnerability can potentially be exploited to read or modify sensitive SQL data, resulting in significant risks to the confidentiality, integrity, and availability of the application. Organizations using this module should prioritize immediate updates and enhance their security measures to mitigate potential threats.",SAP,SAP Business One (b1i Layer),7.1,HIGH,0.0009299999801442027,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-37487,https://securityvulnerability.io/vulnerability/CVE-2023-37487,Security misconfiguration vulnerability in SAP Business One (Service Layer),"SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application",SAP,SAP Business One (service Layer),5.3,MEDIUM,0.0006200000061653554,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2023-39437,https://securityvulnerability.io/vulnerability/CVE-2023-39437,Cross-Site Scripting (XSS) vulnerability in SAP Business One,"SAP Business One, version 10.0, contains a vulnerability that enables attackers to inject malicious scripts into web pages or applications. This security flaw allows the execution of harmful code upon user interaction, potentially compromising the confidentiality, integrity, and availability of sensitive data. Organizations using this version must be alerted to the risks associated with unauthorized script execution, which can lead to various malicious actions against users.",SAP,SAP Business One,7.6,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2023-08-08T01:15:00.000Z,0
CVE-2022-35292,https://securityvulnerability.io/vulnerability/CVE-2022-35292,,"In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries, it can be used to gain privileged permissions on a system or network leading to high impact on Confidentiality, Integrity, and Availability.",SAP,SAP Business One,7.8,HIGH,0.0006799999973736703,false,false,false,false,,false,false,2022-09-13T15:41:49.000Z,0
CVE-2022-32249,https://securityvulnerability.io/vulnerability/CVE-2022-32249,,"Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)",SAP,SAP Business One,7.5,HIGH,0.0015800000401213765,false,false,false,false,,false,false,2022-07-12T20:31:35.000Z,0
CVE-2022-35168,https://securityvulnerability.io/vulnerability/CVE-2022-35168,,"Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.",SAP,SAP Business One,7.5,HIGH,0.0010100000072270632,false,false,false,false,,false,false,2022-07-12T20:27:54.000Z,0
CVE-2022-31593,https://securityvulnerability.io/vulnerability/CVE-2022-31593,,"SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.",SAP,SAP Business One,8.8,HIGH,0.0010400000028312206,false,false,false,false,,false,false,2022-07-12T20:27:15.000Z,0
CVE-2022-28771,https://securityvulnerability.io/vulnerability/CVE-2022-28771,,"Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.

",SAP,SAP Business One License Service Api,7.5,HIGH,0.001069999998435378,false,false,false,false,,false,false,2022-07-12T20:26:53.000Z,0
CVE-2021-44234,https://securityvulnerability.io/vulnerability/CVE-2021-44234,,"SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.",SAP,SAP Business One,5.5,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-01-14T19:11:27.000Z,0
CVE-2021-42066,https://securityvulnerability.io/vulnerability/CVE-2021-42066,,"SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.",SAP,SAP Business One,4.4,MEDIUM,0.0006399999838322401,false,false,false,false,,false,false,2021-12-14T15:44:11.000Z,0
CVE-2021-38180,https://securityvulnerability.io/vulnerability/CVE-2021-38180,,"SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.

",SAP,SAP Business One,9.8,CRITICAL,0.002839999971911311,false,false,false,false,,false,false,2021-10-12T14:03:41.000Z,0
CVE-2021-38179,https://securityvulnerability.io/vulnerability/CVE-2021-38179,,Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.,SAP,SAP Business One,4.9,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2021-10-12T14:03:06.000Z,0
CVE-2021-33704,https://securityvulnerability.io/vulnerability/CVE-2021-33704,,"The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users.",SAP,SAP Business One,6.3,MEDIUM,0.0010400000028312206,false,false,false,false,,false,false,2021-09-15T18:01:56.000Z,0
CVE-2021-33698,https://securityvulnerability.io/vulnerability/CVE-2021-33698,,"SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.",SAP,SAP Business One,9.9,CRITICAL,0.0010400000028312206,false,false,false,false,,false,false,2021-09-15T18:01:53.000Z,0
CVE-2021-33700,https://securityvulnerability.io/vulnerability/CVE-2021-33700,,"SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.",SAP,SAP Business One,7,HIGH,0.0004199999966658652,false,false,false,false,,false,false,2021-09-15T18:01:51.000Z,0
CVE-2021-33688,https://securityvulnerability.io/vulnerability/CVE-2021-33688,,"SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.",SAP,SAP Business One,4.3,MEDIUM,0.000539999979082495,false,false,false,false,,false,false,2021-09-14T11:24:52.000Z,0
CVE-2021-33686,https://securityvulnerability.io/vulnerability/CVE-2021-33686,,"Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.",SAP,SAP Business One,5.3,MEDIUM,0.0008999999845400453,false,false,false,false,,false,false,2021-09-14T11:24:43.000Z,0
CVE-2021-33685,https://securityvulnerability.io/vulnerability/CVE-2021-33685,,SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data,SAP,SAP Business One,6.5,MEDIUM,0.0012199999764561653,false,false,false,false,,false,false,2021-09-14T11:21:56.000Z,0
CVE-2021-37532,https://securityvulnerability.io/vulnerability/CVE-2021-37532,,"SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.",SAP,SAP Business One,4.3,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2021-09-14T11:15:27.000Z,0
CVE-2021-33662,https://securityvulnerability.io/vulnerability/CVE-2021-33662,,"Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.",SAP,SAP Business One,6.7,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2021-06-09T13:32:05.000Z,0
CVE-2021-27613,https://securityvulnerability.io/vulnerability/CVE-2021-27613,,"Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability.",SAP,SAP Business One (cookbooks),7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0
CVE-2021-27616,https://securityvulnerability.io/vulnerability/CVE-2021-27616,,"Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.",SAP,"SAP Business One, Version For SAP Hana (cookbooks)",7.8,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0
CVE-2021-27614,https://securityvulnerability.io/vulnerability/CVE-2021-27614,,"SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application.",SAP,"SAP Business One, Version For SAP Hana (cookbooks)",7.3,HIGH,0.0004400000034365803,false,false,false,false,,false,false,2021-05-11T14:19:33.000Z,0