Sensitive Information Disclosure in SAP Business One by SAP
CVE-2021-44234

5.5MEDIUM

Key Information:

Vendor
SAP
Status
SAP Business One
Vendor
CVE Published:
14 January 2022

Summary

SAP Business One version 10.0 contains a vulnerability where the extended log feature stores sensitive information. This information may provide attackers with valuable insights, potentially compromising user data and overall system security. Organizations utilizing this version are advised to evaluate their logging configurations and implement appropriate security measures to mitigate risks associated with sensitive data exposure.

Affected Version(s)

SAP Business One < 10.0

References

https://launchpad.support.sap.com/#/notes/3106528
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.