CNVD-2023-100008 — Vulnetix

CNVD-2023-100008 PUBLISHED CVSS 9.600000381469727 CRITICAL

SAP Business One是德国思爱普（SAP）公司的一套企业管理软件。该软件包括财务管理、运营管理和人力资源管理等功能。 SAP Business One 10.0版本存在访问控制错误漏洞，该漏洞源于未对SMB共享文件夹执行正确的身份验证和授权检查。攻击者利用该漏洞可以读取和写入SMB共享文件夹。

Risk Scores

CVSS 3.1

9.600000381469727

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
SAP_SE	SAP Business One	10.0

Exploit Intelligence

https://me.sap.com/notes/3355658 (circl)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html (circl)

Timeline

Nov 13, 2023 CVE Published

References

https://me.sap.com/notes/3355658 url
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html url

Open in Interactive Console →