CVE-2021-27616

CWE-863Incorrect Authorization3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 89.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP Business-one-hana-chef-cookbookSAP Business ONE
Timeline
PublishedMay 11
Latest updateMay 24

Description

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDsap/business-one-hana-chef-cookbook0.1.19, 0.1.6, 0.1.7+2
NVDsap/business_one6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-3hx3-v4g2-hgqp: Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 82022-05-24
CVEList
CVE-2021-27616: Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 82021-05-11
CVE-2021-27616 (HIGH CVSS 7.8) | Under certain conditions | cvebase.io