Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
business one vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2021-38180
SAP Business One - version 10.0, allows an malicious user to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim a...
Sap Business One 10.0
NA
CVE-2022-35292
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges. If the service is exploited by adversari...
Sap Business One 10.0
NA
CVE-2023-39437
SAP business One allows - version 10.0, allows an malicious user to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integri...
Sap Business One 10.0
2.1
CVSSv2
CVE-2021-44234
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Sap Business One 10.0
2.1
CVSSv2
CVE-2019-0256
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an malicious user to access information which would otherwise be restricted.
Sap Business One 1.2.12
4
CVSSv2
CVE-2021-33688
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained.
Sap Business One 10.0
4.6
CVSSv2
CVE-2021-33700
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take ...
Sap Business One 10.0
6.5
CVSSv2
CVE-2021-33704
The Service Layer of SAP Business One, version - 10.0, allows an authenticated malicious user to invoke certain functions that would otherwise be restricted to specific users. For an malicious user to discover the vulnerable function, no in-depth system knowledge is required. Onc...
Sap Business One 10.0
2.1
CVSSv2
CVE-2021-33662
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing an malicious user to access information which would otherwise be restricted.
Sap Business One 10.0
4
CVSSv2
CVE-2021-33685
SAP Business One version - 10.0 allows low-level authorized malicious user to traverse the file system to access files or directories that are outside of the restricted directory. A successful attack allows access to high level sensitive data
Sap Business One 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »