CVE-2023-37487

Security misconfiguration vulnerability in SAP Business One (Service Layer)

CVSS 5.3 MEDIUMEPSS 0.4%CWE-497

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.4%KEV nãoPoC —Patch —

Ciclo de vida

08 ago 2023Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Productos afectados

SAP_SE · SAP Business One (Service Layer)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://me.sap.com/notes/3333616 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html