CVE-2021-38179

4.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 12 October 2021

Summary

Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.

Affected Version(s)

SAP Business One < 10.0

References

https://launchpad.support.sap.com/#/notes/3074819

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2021
Vulnerability Reserved
Aug 7, 2021