CVE-2021-38180 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-38180 PUBLISHED CVSS 9.300000190734863 CRITICAL

SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.

EPSS 1.28% · 79.5th percentile

Risk Scores

CVSS v2.0

9.300000190734863

EPSS Score

1.28%

79.5th percentile

Affected Products

Vendor	Product	Versions
sap	business_one	10.0
SAP SE	SAP Business One	*

Timeline

Oct 12, 2021 CVE Published
Oct 13, 2021 EPSS Score
Dec 8, 2021 EPSS Score
Feb 2, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Mar 30, 2022 EPSS Score
May 25, 2022 EPSS Score
Jul 21, 2022 EPSS Score
Sep 15, 2022 EPSS Score
Jan 4, 2023 EPSS Score
Mar 1, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

Open in Interactive Console →