CVE-2020-6239

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sap:business_one:9.3:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 05:35

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/2908382 - Permissions Required () https://launchpad.support.sap.com/#/notes/2908382 - Permissions Required
References () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 - Vendor Advisory () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 - Vendor Advisory

Information

Published : 2020-06-10 13:15

Updated : 2024-11-21 05:35


NVD link : CVE-2020-6239

Mitre link : CVE-2020-6239

CVE.ORG link : CVE-2020-6239


JSON object : View

Products Affected

sap

  • business_one
CWE
CWE-522

Insufficiently Protected Credentials