CVE-2021-33700 Information
Jun 07, 2022
cve
Description
SAP Business One version - 10.0 allows a local attacker with access to the victim’s browser under certain circumstances to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806 https://launchpad.support.sap.com/#/notes/3073325
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: