CVE-2021-33698

9.9CRITICAL

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 15 September 2021

Summary

SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format validation.

Affected Version(s)

SAP Business One < 10.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3071984

x_refsource_MISC

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Sep 15, 2021
Vulnerability Reserved
May 28, 2021