Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
business one vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-27616
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an malicious user to exploit an insecure temporary backup path and to access information which would otherwise be restri...
Sap Business One 9.2
Sap Business One 9.3
Sap Business One 10.0
Sap Business One 9.1
Sap Business One 9.0
Sap Business One 8.82
Sap Business-one-hana-chef-cookbook 0.1.7
Sap Business-one-hana-chef-cookbook 0.1.19
Sap Business-one-hana-chef-cookbook 0.1.6
5.4
CVSSv3
CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
Sap Business One 9.2
Sap Business One 9.3
7.5
CVSSv3
CVE-2018-2458
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an malicious user to access information which would otherwise be restricted.
Sap Business One 9.2
Sap Business One 9.3
4.4
CVSSv3
CVE-2020-6239
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
Sap Business One 9.3
Sap Business One 10.0
5.5
CVSSv3
CVE-2018-2425
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an malicious user to access information which would otherwise be restricted.
Sap Business One 9.3
Sap Business One 9.2
3.3
CVSSv3
CVE-2019-0353
Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), prior to 9.2 and 9.3, allows an malicious user to access information which would otherwise be restricted.
Sap Business One Client 9.3
Sap Business One Client 9.2
NA
CVE-2009-4988
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote malicious users to execute arbitrary code via a long GIOP request to TCP port 30000.
Sap Business One 2005-a 6.80.320
Sap Business One 2005-a 6.80.123
2 EDB exploits
6.1
CVSSv3
CVE-2018-2502
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Sap Business One On Hana 9.2
Sap Business One On Hana 9.3
4.3
CVSSv3
CVE-2023-41365
SAP Business One (B1i) - version 10.0, allows an authorized malicious user to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the ...
Sap Business One 10.0
4.9
CVSSv3
CVE-2021-38179
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
Sap Business One 10.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »