CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27616
https://notcve.org/view.php?id=CVE-2021-27616
11 May 2021 — Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. Bajo determinadas condiciones, SAP Business One Hana Chef Cookbook, versiones 8.82, 9.0, 9.1, 9.2... • https://launchpad.support.sap.com/#/notes/3049661 •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27614
https://notcve.org/view.php?id=CVE-2021-27614
11 May 2021 — SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application. SAP Business One Hana Chef Cookbook, versiones 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, usados para instalar SAP Business One en SAP HANA, permite a un atacante inyectar código ... • https://launchpad.support.sap.com/#/notes/3049661 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-0353
https://notcve.org/view.php?id=CVE-2019-0353
10 Sep 2019 — Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, el cliente SAP Business One (B1_ON_HANA, SAP-M-BO), versiones anteriores a 9.2 y 9.3, permite a un atacante acceder a información que de otra manera estaría restringida. • https://launchpad.support.sap.com/#/notes/2768864 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2502
https://notcve.org/view.php?id=CVE-2018-2502
11 Dec 2018 — TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3). El método TRACE está habilitado en SAP Business One Service Layer. Un atacante puede emplear un ataque XST (Cross-Site Tracing) si las aplicaciones del frontend que emplean Service Layer tienen una vulnerabilidad Cross-Site Scripting (XS... • http://www.securityfocus.com/bid/106173 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2458
https://notcve.org/view.php?id=CVE-2018-2458
11 Sep 2018 — Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, en Crystal Report en SAP Business One 9.2 y 9.3, el tipo de conexión permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/105307 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2425
https://notcve.org/view.php?id=CVE-2018-2425
12 Jun 2018 — Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP Business One 9.2 y 9.3 para el servicio de copias de seguridad de SAP HANA permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/104438 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2410
https://notcve.org/view.php?id=CVE-2018-2410
10 Apr 2018 — SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. En SAP Business One 9.2 y 9.3, el acceso al navegador no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103704 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •