Vulnerability in Sap_se Sap Business One (Service Layer)
CVE-2025-26658
The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to the improper session management, the attackers can eleva…
EPSS: 0.003 (19.4th percentile).
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Sap_se Sap Business One (Service Layer) — versions B1_ON_HANA 10.0, SAP-M-BO 10.0
Weakness classification (CWE)
References
Frequently asked questions
- What is CVE-2025-26658?
- CVE-2025-26658 is a medium-severity vulnerability in Sap_se Sap Business One (Service Layer), classified under Session Fixation. CVSS score: 6.8/10. Published 2025-03-11.
- How severe is CVE-2025-26658?
- Medium severity. CVSS v3 base score is 6.8 out of 10.