CVE-2021-37532: Path Traversal in SE SAP Business ONE

CWE-22 Path Traversal | 3 documents | 3 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 52.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 14
Latest update: May 24

Description

SAP Business One version - 10, due to improper input validation, allows an authenticated user to gain access to a directory and view the contents of the index in the directory, which would otherwise be restricted to a high-privileged user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: sap_se/sap_business_one < 10.0

Vulnerability Details (2)

GHSA
GHSA-ggf5-69xh-578m: SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of ind | 2022-05-24
CVEList
CVE-2021-37532: SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the contents of ind | 2021-09-14