Lucene search

[email protected]CVE-2023-41365

HistoryOct 10, 2023 - 2:15 a.m.

CVE-2023-41365

2023-10-1002:15:10

CWE-209

[email protected]

web.nvd.nist.gov

sap

business one

b1i

version 10.0

xxe injection

stack trace

information disclosure

cve-2023-41365

nvd

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

Affected configurations

NVD

Node

sapbusiness_oneMatch10.0

CPENameOperatorVersion
sap:business_onesap business oneeq10.0

CPE	Name	Operator	Version
sap:business_one	sap business one	eq	10.0

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Business One (B1i)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "10.0"
      }
    ]
  }
]

References

me.sap.com/notes/3338380

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for CVE-2023-41365

prion1 cvelist1 nvd1