CVE-2023-33993
CVSS 3.1 Score 7.5 of 10 (high)
Confidentiality high
Integrity high
Availability high
Attack Complexity high
Privileges Required low
Scope unchanged
Details
Published Aug 8, 2023
Updated: Aug 15, 2023
CWE ID 89
Summary
CVE-2023-33993: SAP Business One's B1i module, affecting version 10.0, contains a vulnerability that allows authenticated users with advanced knowledge to send manipulated queries over the network. This issue can result in the attacker gaining unauthorized access to SQL data, leading to high impact on the application's confidentiality, integrity, and availability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- SAP Business One
Affected Vendors
- SAP SE