B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3337797 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
https://me.sap.com/notes/3337797 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:06
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.1 |
References | () https://me.sap.com/notes/3337797 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
15 Aug 2023, 15:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:* | |
First Time |
Sap business One
Sap |
|
References | (MISC) https://me.sap.com/notes/3337797 - Permissions Required | |
References | (MISC) https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
08 Aug 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-08 01:15
Updated : 2024-11-21 08:06
NVD link : CVE-2023-33993
Mitre link : CVE-2023-33993
CVE.ORG link : CVE-2023-33993
JSON object : View
Products Affected
sap
- business_one
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')