CVE-2021-33700 HIGH

CVE-2021-33700

Vendor Sap Se
Product SAP Business One
Weakness CWE-288
Published September 15, 2021
Last update August 3, 2024

CVSS base score

7.0/10
Attack vector Local
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

Key dates

02Disclosure timeline

September 15, 2021 CVE published
August 3, 2024 Record updated