sap business one

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-24319
all versions
In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access
5.8 MEDIUM
CVE-2023-31403
all versions
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folde
9.6 CRITICAL
CVE-2023-41365
all versions
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to c
4.3 MEDIUM
CVE-2023-39437
all versions
SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application
7.6 HIGH
CVE-2023-37487
all versions
SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to
5.3 MEDIUM
CVE-2023-33993
all versions
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted querie
7.1 HIGH
CVE-2022-35292
all versions
In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes,
7.8 HIGH
CVE-2022-35168
all versions
Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service at
7.5 HIGH
CVE-2022-32249
all versions
Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data
7.5 HIGH
CVE-2022-31593
all versions
SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the applicat
8.8 HIGH
CVE-2021-44234
all versions
SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to a
5.5 MEDIUM
CVE-2021-42066
all versions
SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise b
4.4 MEDIUM
CVE-2021-38180
all versions
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to imprope
9.8 CRITICAL
CVE-2021-38179
all versions
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packe
4.9 MEDIUM
CVE-2021-33704
all versions
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would oth
8.8 HIGH
CVE-2021-33700
all versions
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to logi
7.8 HIGH
CVE-2021-33698
all versions
SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) with
8.8 HIGH
CVE-2021-37532
all versions
SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view
4.3 MEDIUM
CVE-2021-33688
all versions
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database.
4.3 MEDIUM
CVE-2021-33686
all versions
Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensiti
5.3 MEDIUM
CVE-2021-33685
all versions
SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories th
6.5 MEDIUM
CVE-2021-33662
all versions
Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system
4.4 MEDIUM
CVE-2021-27616
all versions
Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Busi
7.8 HIGH
CVE-2021-27614
all versions
SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allo
7.1 HIGH
CVE-2020-6239
all versions
Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view
4.4 MEDIUM
CVE-2019-0256
all versions
Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would
5.5 MEDIUM
CVE-2018-2460
all versions
SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows atta
5.9 MEDIUM
CVE-2018-2458
all versions
Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to acces
7.5 HIGH
CVE-2018-2425
all versions
Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which w
8.4 HIGH
CVE-2018-2410
all versions
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scri
5.4 MEDIUM
CVE-2016-6256
all versions
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a
9.6 CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin