Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Business_one
(Sap)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 30 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-08 | CVE-2023-37487 | SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application | Business_one | 5.3 | ||
| 2023-08-08 | CVE-2023-39437 | SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application. | Business_one | 5.4 | ||
| 2023-10-10 | CVE-2023-41365 | SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability. | Business_one | 4.3 | ||
| 2023-11-14 | CVE-2023-31403 | SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability. | Business_one | 8.0 | ||
| 2018-09-11 | CVE-2018-2458 | Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would otherwise be restricted. | Business_one | 7.5 | ||
| 2018-06-12 | CVE-2018-2425 | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. | Business_one | 5.5 | ||
| 2018-04-10 | CVE-2018-2410 | SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | Business_one | 5.4 | ||
| 2017-05-26 | CVE-2016-6256 | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065. | Business_one | 9.6 | ||
| 2019-02-15 | CVE-2019-0256 | Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted. | Business_one | 5.5 | ||
| 2018-09-11 | CVE-2018-2460 | SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. | Business_one | 5.9 |