Improper Access Control vulnerability in SAP Business One product installation
CVE-2023-31403
8 HIGH
Summary
The SAP Business One installation version 10.0 lacks proper authentication and authorization checks for SMB shared folders, allowing malicious users to gain unauthorized access. This vulnerability permits these users to read and write files within the shared folder, significantly compromising the confidentiality, integrity, and availability of sensitive data. The potential for execution or misuse of files during the installation process poses additional risks, emphasizing the need for immediate remediation.
Affected Version(s)
SAP Business One 10.0
CVSS V3.1
Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved