CVE-2023-37487

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 08:11

Type Values Removed Values Added
References () https://me.sap.com/notes/3333616 - Permissions Required () https://me.sap.com/notes/3333616 - Permissions Required
References () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory

28 Sep 2024, 22:15

Type Values Removed Values Added
CWE CWE-200 CWE-497
Summary (en) SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application (en) SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application

Information

Published : 2023-08-08 01:15

Updated : 2024-11-21 08:11


NVD link : CVE-2023-37487

Mitre link : CVE-2023-37487

CVE.ORG link : CVE-2023-37487


JSON object : View

Products Affected

sap

  • business_one
CWE
CWE-497

Exposure of Sensitive System Information to an Unauthorized Control Sphere