CVE-2021-33700
published 2021-09-15CVE-2021-33700: SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | business_one | — | — |
| sap_se | sap_business_one | < 10.0 | 10.0 |