CVE-2021-33700

SAP Business One, version – 10.0, allows a local attacker with access to the victim’s browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

Summary:

SAP Business One, version – 10.0, allows a local attacker with access to the victim’s browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

Reference Links(if available):

  • https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
  • https://launchpad.support.sap.com/#/notes/3073325
  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)