Vulnerability in Sap Business_one
CVE-2023-37487
SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on…
EPSS: 0.004 (33.1th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Sap Business_one — versions 10.0
- Sap_se Sap Business One (Service Layer) — versions 10.0
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required)
- cna@sap.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-37487?
- CVE-2023-37487 is a medium-severity vulnerability in Sap Business_one, classified under Exposure of Sensitive System Information to an Unauthorized Control Sphere. CVSS score: 5.3/10. Published 2023-08-08.
- How severe is CVE-2023-37487?
- Medium severity. CVSS v3 base score is 5.3 out of 10.