Sap Business_one

31 CVEs affecting Sap Business_one. Latest disclosed: 2026-02-10. Critical: 3, High: 13.

Top CVEs affecting Sap Business_one
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-38180 | Critical | 9.8 | 2021-10-12 | SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data… |
| CVE-2023-31403 | Critical | 9.6 | 2023-11-14 | SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious… |
| CVE-2016-6256 | Critical | 9.6 | 2017-05-26 | SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exe… |
| CVE-2022-31593 | High | 8.8 | 2022-07-12 | SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereb… |
| CVE-2021-33704 | High | 8.8 | 2021-09-15 | The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to speci… |
| CVE-2021-33698 | High | 8.8 | 2021-09-15 | SAP Business One, version - 10.0, allows an attacker with business authorization to upload any files (including script files) without the proper file format va… |
| CVE-2018-2425 | High | 8.4 | 2018-06-12 | Under certain conditions, SAP Business One, 9.2, 9.3, for SAP HANA backup service allows an attacker to access information which would otherwise be restricted. |
| CVE-2022-35292 | High | 7.8 | 2022-09-13 | In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability kno… |
| CVE-2021-33700 | High | 7.8 | 2021-09-15 | SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowi… |
| CVE-2021-27616 | High | 7.8 | 2021-05-11 | Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows… |
| CVE-2023-39437 | High | 7.6 | 2023-08-08 | SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the… |
| CVE-2022-35168 | High | 7.5 | 2022-07-12 | Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system tem… |
| CVE-2022-32249 | High | 7.5 | 2022-07-12 | Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly… |
| CVE-2018-2458 | High | 7.5 | 2018-09-11 | Under certain conditions, Crystal Report using SAP Business One, versions 9.2 and 9.3, connection type allows an attacker to access information which would oth… |
| CVE-2023-33993 | High | 7.1 | 2023-08-08 | B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or… |
| CVE-2021-27614 | High | 7.1 | 2021-05-11 | SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One on SAP HANA, allows an attacker to inject code… |
| CVE-2021-33685 | Medium | 6.5 | 2021-09-14 | SAP Business One version - 10.0 allows low-level authorized attacker to traverse the file system to access files or directories that are outside of the restric… |
| CVE-2018-2460 | Medium | 5.9 | 2018-09-11 | SAP Business One Android application, version 1.2, does not verify the certificate properly for HTTPS connection. This allows attacker to do MITM attack. |
| CVE-2026-24319 | Medium | 5.8 | 2026-02-10 | In SAP Business One, sensitive information is written to the application's memory dump files without obfuscation. Gaining access to this information could pote… |
| CVE-2021-44234 | Medium | 5.5 | 2022-01-14 | SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitiv… |