CVE-2023-41365

CWE-611XML External Entity (XXE)CWE-2093 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 69.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business ONE (b1i)SAP Business ONE
Timeline
PublishedOct 10

Description

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in SAP Business One (B1i)2023-10-10
GHSA
GHSA-9983-52gj-4grg: SAP Business One (B1i) - version 102023-10-10
CVE-2023-41365 (MEDIUM CVSS 4.3) | SAP Business One (B1i) - version 10 | cvebase.io