Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2908382 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 | Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2908382 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 05:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://launchpad.support.sap.com/#/notes/2908382 - Permissions Required | |
References | () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 - Vendor Advisory |
Information
Published : 2020-06-10 13:15
Updated : 2024-11-21 05:35
NVD link : CVE-2020-6239
Mitre link : CVE-2020-6239
CVE.ORG link : CVE-2020-6239
JSON object : View
Products Affected
sap
- business_one
CWE
CWE-522
Insufficiently Protected Credentials