CVE-2020-6239
https://notcve.org/view.php?id=CVE-2020-6239
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure. Bajo determinadas condiciones, SAP Business One (servicio de Backup), versiones 9.3, 10.0, permite a un atacante con permisos de administrador visualizar la contraseña del usuario SYSTEM en texto sin cifrar, conllevando a una Divulgación de Información • https://launchpad.support.sap.com/#/notes/2908382 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 • CWE-522: Insufficiently Protected Credentials •
CVE-2019-0353
https://notcve.org/view.php?id=CVE-2019-0353
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, el cliente SAP Business One (B1_ON_HANA, SAP-M-BO), versiones anteriores a 9.2 y 9.3, permite a un atacante acceder a información que de otra manera estaría restringida. • https://launchpad.support.sap.com/#/notes/2768864 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 •
CVE-2019-0256
https://notcve.org/view.php?id=CVE-2019-0256
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, la aplicación de Android SAP Business One Mobile, en su versión 1.2.12, permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106995 https://launchpad.support.sap.com/#/notes/2723878 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943 •
CVE-2018-2502
https://notcve.org/view.php?id=CVE-2018-2502
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3). El método TRACE está habilitado en SAP Business One Service Layer. Un atacante puede emplear un ataque XST (Cross-Site Tracing) si las aplicaciones del frontend que emplean Service Layer tienen una vulnerabilidad Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106173 https://launchpad.support.sap.com/#/notes/2680492 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-2458
https://notcve.org/view.php?id=CVE-2018-2458
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, en Crystal Report en SAP Business One 9.2 y 9.3, el tipo de conexión permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/105307 https://launchpad.support.sap.com/#/notes/2670284 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 •