VYPR

Business One (B1i)

by SAP

CVEs (17)

  • CVE-2016-6256CriMay 26, 2017
    risk 0.66cvss 9.6epss 0.08

    SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP…

  • CVE-2018-2425HigJun 12, 2018
    risk 0.55cvss 8.4epss 0.00

    Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted.

  • CVE-2009-4988Aug 25, 2010
    risk 0.08cvss epss 0.66

    Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.

  • CVE-2023-41365Oct 10, 2023
    risk 0.00cvss epss 0.00

    SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the…

  • CVE-2022-35292Sep 13, 2022
    risk 0.00cvss epss 0.00

    In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversaries,…

  • CVE-2022-31593Jul 12, 2022
    risk 0.00cvss epss 0.01

    SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

  • CVE-2021-44234Jan 14, 2022
    risk 0.00cvss epss 0.00

    SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

  • CVE-2021-38180Oct 12, 2021
    risk 0.00cvss epss 0.02

    SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to…

  • CVE-2021-33704Sep 15, 2021
    risk 0.00cvss epss 0.01

    The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited…

  • CVE-2021-33698Sep 15, 2021
    risk 0.00cvss epss 0.01

    SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.

  • CVE-2021-33700Sep 15, 2021
    risk 0.00cvss epss 0.00

    SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take…

  • CVE-2021-33686Sep 14, 2021
    risk 0.00cvss epss 0.01

    Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.

  • CVE-2021-33685Sep 14, 2021
    risk 0.00cvss epss 0.01

    SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data

  • CVE-2021-37532Sep 14, 2021
    risk 0.00cvss epss 0.01

    SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.

  • CVE-2021-33662Jun 9, 2021
    risk 0.00cvss epss 0.00

    Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted.

  • CVE-2020-6239Jun 10, 2020
    risk 0.00cvss epss 0.00

    Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

  • CVE-2019-0353Sep 10, 2019
    risk 0.00cvss epss 0.00

    Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.