Business One (B1i)
by SAP
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-41365 | 0.00 | — | 0.00 | Oct 10, 2023 | SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the… | |||
| CVE-2021-44234 | 0.00 | — | 0.00 | Jan 14, 2022 | SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. | |||
| CVE-2021-38180 | 0.00 | — | 0.01 | Oct 12, 2021 | SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to… | |||
| CVE-2021-33704 | 0.00 | — | 0.00 | Sep 15, 2021 | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited… | |||
| CVE-2021-33698 | 0.00 | — | 0.00 | Sep 15, 2021 | SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. | |||
| CVE-2021-33700 | 0.00 | — | 0.00 | Sep 15, 2021 | SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take… | |||
| CVE-2021-33686 | 0.00 | — | 0.00 | Sep 14, 2021 | Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. | |||
| CVE-2021-33685 | 0.00 | — | 0.00 | Sep 14, 2021 | SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data | |||
| CVE-2021-37532 | 0.00 | — | 0.00 | Sep 14, 2021 | SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User. | |||
| CVE-2021-33662 | 0.00 | — | 0.00 | Jun 9, 2021 | Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. | |||
| CVE-2020-6239 | 0.00 | — | 0.00 | Jun 10, 2020 | Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. | |||
| CVE-2019-0353 | 0.00 | — | 0.00 | Sep 10, 2019 | Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. | |||
| CVE-2018-2425 | 0.00 | — | 0.00 | Jun 12, 2018 | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. |
- CVE-2023-41365Oct 10, 2023risk 0.00cvss —epss 0.00
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the…
- CVE-2021-44234Jan 14, 2022risk 0.00cvss —epss 0.00
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
- CVE-2021-38180Oct 12, 2021risk 0.00cvss —epss 0.01
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to…
- CVE-2021-33704Sep 15, 2021risk 0.00cvss —epss 0.00
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited…
- CVE-2021-33698Sep 15, 2021risk 0.00cvss —epss 0.00
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.
- CVE-2021-33700Sep 15, 2021risk 0.00cvss —epss 0.00
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take…
- CVE-2021-33686Sep 14, 2021risk 0.00cvss —epss 0.00
Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.
- CVE-2021-33685Sep 14, 2021risk 0.00cvss —epss 0.00
SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data
- CVE-2021-37532Sep 14, 2021risk 0.00cvss —epss 0.00
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.
- CVE-2021-33662Jun 9, 2021risk 0.00cvss —epss 0.00
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.
- CVE-2020-6239Jun 10, 2020risk 0.00cvss —epss 0.00
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
- CVE-2019-0353Sep 10, 2019risk 0.00cvss —epss 0.00
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.
- CVE-2018-2425Jun 12, 2018risk 0.00cvss —epss 0.00
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.