Sensitive Information Disclosure in SAP Business One by SAP
CVE-2021-33662

6.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 9 June 2021

Summary

Under specific circumstances, the installation of SAP Business One, version 10.0, can inadvertently disclose sensitive information residing on the file system. This exposure allows an unauthorized attacker to gain access to data that is typically restricted, highlighting the importance of securing installation processes and configurations to mitigate potential risks.

Affected Version(s)

SAP Business One < 10.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3058382

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 9, 2021
Vulnerability Reserved
May 28, 2021