CVE-2023-33993

HIGH

SAP Business One 10.0 - SQL Injection

Title source: llm

Description

B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3337797

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 7.1

EPSS 0.0028

EPSS Percentile 51.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

sap/business_one 10.0

Published Aug 08, 2023

Tracked Since Feb 18, 2026