Security misconfiguration vulnerability in SAP Business One (Service Layer)
CVE-2023-37487

5.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business One (service Layer)
Vendor: CVE Published:; 8 August 2023

Summary

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application

Affected Version(s)

SAP Business One (Service Layer) 10.0

References

https://me.sap.com/notes/3333616

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 6, 2023