Information Disclosure Vulnerability in SAP Business One for HANA
CVE-2021-27616

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Business One, Version For SAP Hana (cookbooks)
Vendor: CVE Published:; 11 May 2021

Summary

The SAP Business One Hana Chef Cookbook contains a vulnerability that allows unauthorized access to sensitive information through an insecure temporary backup path. This misconfiguration affects multiple product versions, enabling attackers to exploit this weakness to gain restricted access to data. This issue poses significant risks to data confidentiality and integrity, necessitating prompt remediation to secure the application from potential threats.

Affected Version(s)

SAP Business One, version for SAP HANA (Cookbooks) < 8.82 < 8.82

SAP Business One, version for SAP HANA (Cookbooks) < 9.0 < 9.0

SAP Business One, version for SAP HANA (Cookbooks) < 9.1 < 9.1

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3049661

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 11, 2021
Vulnerability Reserved
Feb 23, 2021