CVE-2023-41365 MEDIUM

CVE-2023-41365: Information Disclosure vulnerability in SAP Business One (B1i)

Vendor Sap_Se
Product SAP Business One (B1i)
Weakness CWE-611 · XXE
Published October 10, 2023
Last update September 26, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.

Key dates

02Disclosure timeline

October 10, 2023 CVE published
September 26, 2024 Record updated