VDB
CVE-2021-38180
CVE-2021-38180
PUBLISHED
CVSS 9.300000190734863 CRITICAL
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.
EPSS 1.28% · 79.9th percentile
Risk Scores
CVSS 2.0
9.300000190734863
EPSS Score
1.28%
79.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | business_one | 10.0 |
| SAP SE | SAP Business One | * |
Timeline
- Oct 12, 2021 CVE Published
- Oct 13, 2021 EPSS Score
- Dec 9, 2021 EPSS Score
- Feb 3, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 27, 2022 EPSS Score
- Sep 18, 2022 EPSS Score
- Nov 14, 2022 EPSS Score
- Jan 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Jun 28, 2023 EPSS Score