Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
business one vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-27616
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an malicious user to exploit an insecure temporary backup path and to access information which would otherwise be restri...
Sap Business One 9.2
Sap Business One 9.3
Sap Business One 10.0
Sap Business One 9.1
Sap Business One 9.0
Sap Business One 8.82
Sap Business-one-hana-chef-cookbook 0.1.7
Sap Business-one-hana-chef-cookbook 0.1.19
Sap Business-one-hana-chef-cookbook 0.1.6
3.5
CVSSv2
CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
Sap Business One 9.2
Sap Business One 9.3
2.1
CVSSv2
CVE-2018-2425
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an malicious user to access information which would otherwise be restricted.
Sap Business One 9.3
Sap Business One 9.2
5
CVSSv2
CVE-2018-2458
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an malicious user to access information which would otherwise be restricted.
Sap Business One 9.2
Sap Business One 9.3
2.1
CVSSv2
CVE-2020-6239
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
Sap Business One 9.3
Sap Business One 10.0
2.1
CVSSv2
CVE-2019-0353
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), prior to 9.2 and 9.3, allows an malicious user to access information which would otherwise be restricted.
Sap Business One Client 9.3
Sap Business One Client 9.2
4.3
CVSSv2
CVE-2018-2502
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Sap Business One On Hana 9.2
Sap Business One On Hana 9.3
10
CVSSv2
CVE-2009-4988
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote malicious users to execute arbitrary code via a long GIOP request to TCP port 30000.
Sap Business One 2005-a 6.80.320
Sap Business One 2005-a 6.80.123
2 EDB exploits
4
CVSSv2
CVE-2021-38179
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
Sap Business One 10.0
6.5
CVSSv2
CVE-2022-31593
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Sap Business One 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298
CVE-2024-20356
CVE-2023-21987
CVE-2024-33217
bypass
CVE-2024-31804
CVE-2024-32660
unauthorized
SSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »