CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2460
https://notcve.org/view.php?id=CVE-2018-2460
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. La aplicación de Android SAP Business One 1.2 no verifica correctamente el certificado para la conexión HTTPS. Esto permite que los atacantes realicen ataques Man-in-the-Middle (MitM). • http://www.securityfocus.com/bid/105309 https://launchpad.support.sap.com/#/notes/2682503 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993 • CWE-295: Improper Certificate Validation •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2425
https://notcve.org/view.php?id=CVE-2018-2425
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP Business One 9.2 y 9.3 para el servicio de copias de seguridad de SAP HANA permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/104438 https://launchpad.support.sap.com/#/notes/2588475 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=495289255 •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2410
https://notcve.org/view.php?id=CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. En SAP Business One 9.2 y 9.3, el acceso al navegador no cifra lo suficiente las entradas controladas por el usuario, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103704 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2582870 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 2%CPEs: 1EXPL: 2CVE-2016-6256 – SAP Business One for Android 1.2.3 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2016-6256
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065. SAP Business One para Android 1.2.3 permite a los atacantes remotos realizar ataques XML External Entity (XXE) a través de datos XML elaborados en una solicitud a B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, también conocido como SAP Security Note 2378065 SAP Business One for Android version 1.2.3 suffers from an XML external entity injection vulnerability. • https://www.exploit-db.com/exploits/42036 http://packetstormsecurity.com/files/142597/SAP-Business-One-For-Android-1.2.3-XML-Injection.html http://www.securityfocus.com/bid/98590 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 93%CPEs: 2EXPL: 4CVE-2009-4988 – SAP Business One 2005-A License Manager - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-4988
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000. Desbordamiento de búfer basado en pila en NT_Naming_Service.exe de SAP Business One 2005 A v6.80.123 y v6.80.320 permite a atacantes remotos ejecutar código de su elección a través de una solicitud larga GIOP al puerto TCP 30000. • https://www.exploit-db.com/exploits/9319 https://www.exploit-db.com/exploits/16423 http://secunia.com/advisories/36103 http://www.exploit-db.com/exploits/9319 http://www.securityfocus.com/archive/1/505489/100/0/threaded http://www.securityfocus.com/bid/35933 http://www.securitytracker.com/id?1022655 http://www.vupen.com/english/advisories/2009/2170 https://exchange.xforce.ibmcloud.com/vulnerabilities/52256 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •