CVE-2023-31403

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31403
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://me.sap.com/notes/3355658 Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
https://me.sap.com/notes/3355658 Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*
History

21 Nov 2024, 08:01

Type Values Removed Values Added
References () https://me.sap.com/notes/3355658 - Permissions Required () https://me.sap.com/notes/3355658 - Permissions Required
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
CVSS v2 : unknown
v3 : 8.0 		v2 : unknown
v3 : 9.6

28 Sep 2024, 22:15

Type Values Removed Values Added
CWE CWE-284
Summary (en) SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability. (en) SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.

20 Nov 2023, 19:51

Type Values Removed Values Added
CWE CWE-863
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.0
First Time Sap
Sap business One
References () https://me.sap.com/notes/3355658 - () https://me.sap.com/notes/3355658 - Permissions Required
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory
CPE cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*

14 Nov 2023, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-14 01:15

Updated : 2024-11-21 08:01

NVD link : CVE-2023-31403

Mitre link : CVE-2023-31403

CVE.ORG link : CVE-2023-31403

JSON object : View

Products Affected

sap

  • business_one
CWE
CWE-863

Incorrect Authorization


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024