CVE-2023-31403 CRITICAL

CVE-2023-31403: Improper Access Control vulnerability in SAP Business One product installation

Vendor Sap_Se
Product SAP Business One
Weakness CWE-863 · Incorrect authorization
Published November 14, 2023
Last update June 11, 2025

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

The SAP Business One installation (version 10.0) does not perform proper authentication and authorization checks for the SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or used by the installation process, leading to considerable impact on confidentiality, integrity and availability.

Key dates

02 Disclosure timeline

November 14, 2023 CVE published
June 11, 2025 Record updated