CVE-2026-24319

MEDIUM

SAP Business One - Info Disclosure

Title source: llm

Description

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

References (2)

[Permissions Required] https://me.sap.com/notes/3679346

[Vendor Advisory] https://url.sap/sapsecuritypatchday

Scores

CVSS v3 5.8

EPSS 0.0000

EPSS Percentile 0.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Classification

CWE

CWE-316 CWE-312

Status published

Affected Products (2)

sap/business_one

Timeline

Published Feb 10, 2026

Tracked Since Feb 18, 2026