CVE-2021-33704 Information

Description

The Service Layer of SAP Business One, version 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. No in-depth system knowledge is required for an attacker to discover the vulnerable function. Once exploited via the network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result in abuse of functionality usually restricted to specific users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806

https://launchpad.support.sap.com/#/notes/3078072

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
