CVE-2021-33700

CWE-288CWE-287Improper Authentication3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 89.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ONESAP Business ONE
Timeline
PublishedSep 15
Latest updateMay 24

Description

SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_business_one< 10.0

Patches

Patch: wiki.scn.sap.comPatch: wiki.scn.sap.com

🔴Vulnerability Details

2
GHSA
GHSA-77c8-7ffw-q7m9: SAP Business One, version - 102022-05-24
CVEList
CVE-2021-33700: SAP Business One, version - 102021-09-15
CVE-2021-33700 (HIGH CVSS 7.8) | SAP Business One | cvebase.io