Debug Function Exposure in SAP Business One Integration Admin UI
CVE-2021-38179

4.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business One
Vendor: CVE Published:; 12 October 2021

Summary

The debug function of the SAP Business One Integration Admin UI is inadvertently enabled by default. This configuration flaw allows an admin user to access sensitive packet contents, which may include user credentials. Such exposure presents a considerable risk for unauthorized access and data breaches, emphasizing the need for proper security configurations and regular audits.

Affected Version(s)

SAP Business One < 10.0

References

https://launchpad.support.sap.com/#/notes/3074819

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 12, 2021
Vulnerability Reserved
Aug 7, 2021