CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-37532
https://notcve.org/view.php?id=CVE-2021-37532
14 Sep 2021 — SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User. SAP Business One versión - 10, debido a una comprobación inapropiada de entrada, permite a un Usuario autenticado conseguir acceso al directorio y visualizar el contenido del índice en el directorio, que de otra manera estaría restringido a un Usuario con altos privilegios • https://launchpad.support.sap.com/#/notes/3075546 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33662
https://notcve.org/view.php?id=CVE-2021-33662
09 Jun 2021 — Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an attacker to access information which would otherwise be restricted. En determinadas condiciones, la instalación de SAP Business One, versión 10.0, divulga información confidencial en el sistema de archivos, permitiendo un atacante acceder a información que de otro modo estaría restringida • https://launchpad.support.sap.com/#/notes/3058382 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27616
https://notcve.org/view.php?id=CVE-2021-27616
11 May 2021 — Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application. Bajo determinadas condiciones, SAP Business One Hana Chef Cookbook, versiones 8.82, 9.0, 9.1, 9.2... • https://launchpad.support.sap.com/#/notes/3049661 •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2021-27614
https://notcve.org/view.php?id=CVE-2021-27614
11 May 2021 — SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behaviour of the application thereby highly impacting the integrity and availability of the application. SAP Business One Hana Chef Cookbook, versiones 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, usados para instalar SAP Business One en SAP HANA, permite a un atacante inyectar código ... • https://launchpad.support.sap.com/#/notes/3049661 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6239
https://notcve.org/view.php?id=CVE-2020-6239
10 Jun 2020 — Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. Bajo determinadas condiciones, SAP Business One (servicio de Backup), versiones 9.3, 10.0, permite a un atacante con permisos de administrador visualizar la contraseña del usuario SYSTEM en texto sin cifrar, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2908382 • CWE-522: Insufficiently Protected Credentials •