CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44234
https://notcve.org/view.php?id=CVE-2021-44234
14 Jan 2022 — SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. SAP Business One - versión 10.0, el registro extendido almacena información que puede ser de naturaleza confidencial y dar una valiosa orientación a un atacante o exponer información confidencial del usuario • https://launchpad.support.sap.com/#/notes/3106528 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42066
https://notcve.org/view.php?id=CVE-2021-42066
14 Dec 2021 — SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application. SAP Business One - versión 10.0, permite a un usuario administrador ver la contraseña de la base de datos en texto plano a través de la red, qu... • https://launchpad.support.sap.com/#/notes/3101299 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38180
https://notcve.org/view.php?id=CVE-2021-38180
12 Oct 2021 — SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution. SAP Business One - versión 10.0, permite a un atacante inyectar fórmulas cuando se exportan datos a Excel (inyección CSV) debido a u... • https://launchpad.support.sap.com/#/notes/3079427 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38179
https://notcve.org/view.php?id=CVE-2021-38179
12 Oct 2021 — Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials. La función de depuración de la Interfaz de Usuario de administración de SAP Business One Integration está habilitada por defecto. Esto permite al usuario administrador visualizar el contenido del paquete capturado, que puede incluir las credenciales del Usuario • https://launchpad.support.sap.com/#/notes/3074819 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33704
https://notcve.org/view.php?id=CVE-2021-33704
15 Sep 2021 — The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users. La Capa de Servicio de SAP Bu... • https://launchpad.support.sap.com/#/notes/3078072 • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33698
https://notcve.org/view.php?id=CVE-2021-33698
15 Sep 2021 — SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation. SAP Business One, versión - 10.0, permite a un atacante con autorización de negocio cargar cualquier archivo (incluyendo archivos de script) sin la comprobación de formato de archivo apropiada • https://launchpad.support.sap.com/#/notes/3071984 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33700
https://notcve.org/view.php?id=CVE-2021-33700
15 Sep 2021 — SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application. SAP Business One, versión - 10.0, permite a un atacante local con acceso al navegador de la víctima bajo determinadas circunstancias, iniciar sesión como la víctima sin conocer su contra... • https://launchpad.support.sap.com/#/notes/3073325 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33688
https://notcve.org/view.php?id=CVE-2021-33688
14 Sep 2021 — SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained. SAP Business One permite a un atacante con privilegios empresariales ejecutar consultas de base de datos diseñadas, exponiendo la base de datos del back-end. Debido a las restricciones del framework, sólo se puede conseguir cierta información • https://launchpad.support.sap.com/#/notes/3069882 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33686
https://notcve.org/view.php?id=CVE-2021-33686
14 Sep 2021 — Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree. Bajo ciertas condiciones, SAP Business One versión - 10.0, permite a un atacante no autorizado conseguir acceso a alguna información confidencial encriptada, pero no presenta control sobre el tipo o el grado • https://launchpad.support.sap.com/#/notes/3070138 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33685
https://notcve.org/view.php?id=CVE-2021-33685
14 Sep 2021 — SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data SAP Business One versión - 10.0 permite a un atacante autorizado de bajo nivel saltar el sistema de archivos para acceder a archivos o directorios que están fuera del directorio restringido. Un ataque con éxito permite el acceso a datos confidenciales de alto nivel • https://launchpad.support.sap.com/#/notes/3069032 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •