Local Authentication Bypass Flaw in SAP Business One
CVE-2021-33700

7HIGH

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 15 September 2021

Summary

SAP Business One, version 10.0, contains a vulnerability that permits a local attacker with access to the victim's browser to log in as the victim without needing to know their password. This access could potentially expose highly sensitive information, leading to unauthorized control over the vulnerable application. The implications of this vulnerability emphasize the importance of securing web browsers and access points to prevent exploitation.

Affected Version(s)

SAP Business One < 10.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3073325

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2021
Vulnerability Reserved
May 28, 2021