SAP Business One
31 CVEs affecting SAP Business One. Latest disclosed: 2026-02-10. Critical: 3, High: 13.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-38180 | Critical | 9.8 | 2021-10-12 | SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data… |
| CVE-2023-31403 | Critical | 9.6 | 2023-11-14 | SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious… |
| CVE-2016-6256 | Critical | 9.6 | 2017-05-26 | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exe… |
| CVE-2022-31593 | High | 8.8 | 2022-07-12 | SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereb… |
| CVE-2021-33704 | High | 8.8 | 2021-09-15 | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to speci… |
| CVE-2021-33698 | High | 8.8 | 2021-09-15 | SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format va… |
| CVE-2018-2425 | High | 8.4 | 2018-06-12 | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. |
| CVE-2022-35292 | High | 7.8 | 2022-09-13 | In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability kno… |
| CVE-2021-33700 | High | 7.8 | 2021-09-15 | SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowi… |
| CVE-2021-27616 | High | 7.8 | 2021-05-11 | Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows… |
| CVE-2023-39437 | High | 7.6 | 2023-08-08 | SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the… |
| CVE-2022-35168 | High | 7.5 | 2022-07-12 | Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system tem… |
| CVE-2022-32249 | High | 7.5 | 2022-07-12 | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly… |
| CVE-2018-2458 | High | 7.5 | 2018-09-11 | Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would oth… |
| CVE-2023-33993 | High | 7.1 | 2023-08-08 | B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or… |
| CVE-2021-27614 | High | 7.1 | 2021-05-11 | SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code… |
| CVE-2021-33685 | Medium | 6.5 | 2021-09-14 | SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restric… |
| CVE-2018-2460 | Medium | 5.9 | 2018-09-11 | SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. |
| CVE-2026-24319 | Medium | 5.8 | 2026-02-10 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access to this information could pote… |
| CVE-2021-44234 | Medium | 5.5 | 2022-01-14 | SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitiv… |