Code Injection Vulnerability in SAP Business One Chef Cookbook
CVE-2021-27614

7.3HIGH

Key Information:

Vendor: SAP
Status: SAP Business One, Version For SAP Hana (cookbooks)
Vendor: CVE Published:; 11 May 2021

What is CVE-2021-27614?

The SAP Business One Chef Cookbook, used to deploy SAP Business One on the SAP HANA platform, is susceptible to a code injection vulnerability. This flaw allows an unauthorized attacker to inject malicious code that can be executed by the application, potentially leading to manipulation of the application's behavior. Such an issue poses risks to the integrity and availability of the application, making it crucial for users to take necessary precautions and apply updates to secure their environments.

Affected Version(s)

SAP Business One, version for SAP HANA (Cookbooks) < 8.82 < 8.82

SAP Business One, version for SAP HANA (Cookbooks) < 9.0 < 9.0

SAP Business One, version for SAP HANA (Cookbooks) < 9.1 < 9.1

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3049661

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Feb 23, 2021