Insecure Temporary Folder Exploit in SAP Business One Chef Cookbook
CVE-2021-27613

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Business One (cookbooks)
Vendor: CVE Published:; 11 May 2021

What is CVE-2021-27613?

The SAP Business One Chef cookbook versions 9.2, 9.3, and 10.0 contain a vulnerability that allows attackers to exploit an insecure temporary folder used for processing incoming and outgoing payroll data. This flaw can lead to unauthorized access to sensitive information, thereby compromising system confidentiality, integrity, and availability. Proper measures should be taken to secure these folders to prevent potential data breaches and ensure the protection of sensitive payroll information.

Affected Version(s)

SAP Business One (Cookbooks) < 9.2 < 9.2

SAP Business One (Cookbooks) < 9.3 < 9.3

SAP Business One (Cookbooks) < 10.0 < 10.0

References

https://launchpad.support.sap.com/#/notes/3049755

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Feb 23, 2021