Every CVE whose affected-product data names Sap Business One, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2021-38180 — CVSS 9.8 (critical): SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper…
CVE-2016-6256 — CVSS 9.6 (critical): SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request…
CVE-2023-31403 — CVSS 9.6 (critical): SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a…
CVE-2021-33704 — CVSS 8.8 (high): The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be…
CVE-2021-33698 — CVSS 8.8 (high): SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the…
CVE-2022-31593 — CVSS 8.8 (high): SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An…
CVE-2018-2425 — CVSS 8.4 (high): Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would…
CVE-2021-27616 — CVSS 7.8 (high): Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One…
CVE-2021-33700 — CVSS 7.8 (high): SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the…
CVE-2022-35292 — CVSS 7.8 (high): In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading…
CVE-2023-39437 — CVSS 7.6 (high): SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets…
CVE-2022-32249 — CVSS 7.5 (high): Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit�s data volume to…
CVE-2022-35168 — CVSS 7.5 (high): Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack…
CVE-2018-2458 — CVSS 7.5 (high): Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access…
CVE-2023-33993 — CVSS 7.1 (high): B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over…
CVE-2021-27614 — CVSS 7.1 (high): SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an…
CVE-2021-33685 — CVSS 6.5 (medium): SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are…
CVE-2018-2460 — CVSS 5.9 (medium): SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to…
CVE-2026-24319 — CVSS 5.8 (medium): In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this…
CVE-2019-0256 — CVSS 5.5 (medium): Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would…
CVE-2021-44234 — CVSS 5.5 (medium): SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an…
CVE-2018-2410 — CVSS 5.4 (medium): SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting…
CVE-2021-33686 — CVSS 5.3 (medium): Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive…
CVE-2023-37487 — CVSS 5.3 (medium): SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access…
CVE-2021-38179 — CVSS 4.9 (medium): Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet…
CVE-2021-42066 — CVSS 4.4 (medium): SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be…
CVE-2021-33662 — CVSS 4.4 (medium): Under certain conditions, the installation of SAP Business One, version - 10.0, discloses sensitive information on the file system allowing…
CVE-2020-6239 — CVSS 4.4 (medium): Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM…
CVE-2021-37532 — CVSS 4.3 (medium): SAP Business One version - 10, due to improper input validation, allows an authenticated User to gain access to directory and view the…
CVE-2021-33688 — CVSS 4.3 (medium): SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to…
CVE-2023-41365 — CVSS 4.3 (medium): SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct…