CVE-2021-37532

MEDIUM

SAP Business One 10 - Authenticated Path Traversal

Title source: llm

Description

SAP Business One version 10, due to improper input validation, allows an authenticated user to gain access to a directory and view the contents of the index in that directory, which would otherwise be restricted to high-privileged users.

References (2)

Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3075546

Scores

CVSS v3 4.3
EPSS 0.0024
EPSS Percentile 47.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
sap/business_one 10.0
Published Sep 14, 2021
Tracked Since Feb 18, 2026