VDB

CVE-2021-38180

CVE-2021-38180 PUBLISHED CVSS 9.300000190734863 CRITICAL

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.

EPSS 1.28% · 79.9th percentile

Risk Scores

CVSS 2.0
9.300000190734863
EPSS Score
1.28%
79.9th percentile

Affected Products

VendorProductVersions
sapbusiness_one10.0
SAP SESAP Business One*

Timeline

  • Oct 12, 2021 CVE Published
  • Oct 13, 2021 EPSS Score
  • Dec 9, 2021 EPSS Score
  • Feb 3, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 27, 2022 EPSS Score
  • Sep 18, 2022 EPSS Score
  • Nov 14, 2022 EPSS Score
  • Jan 9, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Jun 28, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›