← back
CVE-2021-33704

CVE-2021-33704

CVSS 6.3 MEDIUMEPSS 0.6%CWE-862
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
SAP SE · SAP Business One

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3078072https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806