CVE-2021-27616

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Business One, Version For SAP Hana (cookbooks)
Vendor: CVE Published:; 11 May 2021

Summary

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.

Affected Version(s)

SAP Business One, version for SAP HANA (Cookbooks) < 8.82 < 8.82

SAP Business One, version for SAP HANA (Cookbooks) < 9.0 < 9.0

SAP Business One, version for SAP HANA (Cookbooks) < 9.1 < 9.1

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3049661

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Feb 23, 2021