CVE-2026-24319 — Cleartext Storage of Sensitive Information in Memory in SE SAP Business ONE

CWE-316 — Cleartext Storage of Sensitive Information in Memory CWE-312 — Cleartext Storage of Sensitive Info4 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.0%

top 99.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business ONE SAP Business ONE

Timeline

PublishedFeb 10

Description

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:NExploitability: 0.6 | Impact: 5.2

Affected Packages2 packages

▶NVDsap/business_one10.0

▶CVEListV5sap_se/sap_business_oneB1_ON_HANA 10.0, SAP-M-BO 10.0+1

🔴Vulnerability Details

CVEList

Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)↗2026-02-10

▶

GHSA

GHSA-pf56-w9mv-33wc: In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation↗2026-02-10

▶

🕵️Threat Intelligence

Wiz

CVE-2026-24319 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶