SB2021051105 - Multiple vulnerabilities in SAP Business One

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021051105

SB2021051105 - Multiple vulnerabilities in SAP Business One

Published: May 11, 2021

Security Bulletin ID SB2021051105
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2021-27613)

The vulnerability allows a remote user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote user can gain unauthorized access to sensitive information on the system.


2) Security restrictions bypass (CVE-ID: CVE-2021-27614)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


3) Security restrictions bypass (CVE-ID: CVE-2021-27616)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.


Remediation

Install update from vendor's website.

References