Improper Access Control vulnerability in SAP Business One product installation
CVE-2023-31403
9.6 CRITICAL
What is CVE-2023-31403?
The installation of SAP Business One version 10.0 lacks proper authentication and authorization checks for SMB shared folders, allowing malicious users to gain unauthorized access. These users can read and write files within the shared folder, significantly compromising the confidentiality, integrity, and availability of sensitive data. Files in the shared folder may also be executed or misused during the installation process, which poses additional risks and emphasizes the need for immediate remediation.
Affected Version(s)
SAP Business One 10.0