CVE-2021-37532
Published on: 09/14/2021 12:00:00 AM UTC
Last Modified on: 09/23/2021 07:49:00 PM UTC
Certain versions of Business One from SAP contain the following vulnerability:
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.
- CVE-2021-37532 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software: SAP SE - SAP Business One version 10.0
CVSS3 Score: 4.3 - MEDIUM
Attack Vector | Attack Complexity | Privileges Required | User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |

Scope | Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|---|
UNCHANGED | LOW | NONE | NONE |
CVSS2 Score: 4 - MEDIUM
Access Vector | Access Complexity | Authentication |
---|---|---|
NETWORK | LOW | SINGLE |

Confidentiality Impact | Integrity Impact | Availability Impact |
---|---|---|
PARTIAL | NONE | NONE |
CVE References
Description | Tags | Link |
---|---|---|
No Description Provided | | launchpad.support.sap.com text/html |
SAP Security Patch Day – September 2021 - Product Security Response at SAP - Community Wiki | | wiki.scn.sap.com text/html |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Sap | Business One | 10.0 | All | All | All |
- cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
Twitter | CVE-2021-37532 : #SAP Business One version - 10, due to improper input validation, allows an authenticated User to… twitter.com/i/web/status/1… | 2021-09-14 12:09:41 |