Unrated severityNVD Advisory· Published Oct 10, 2023· Updated Sep 26, 2024

Information Disclosure vulnerability in SAP Business One (B1i)

CVE-2023-41365

Description

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

Affected products

SAP/Business One (B1i)llm-create
Range: =10.0
SAP/Sap Business Onecpe-rescue
Range: 10.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

me.sap.com/notes/3338380mitre
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000