← back
CVE-2021-37532

CVE-2021-37532

CVSS 4.3 MEDIUMEPSS 0.8%CWE-22
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Sep 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of index in the directory, which would otherwise be restricted to high privileged User.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP SE · SAP Business One

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/3075546https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405