CVE-2023-31403

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-31403
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.

8.0 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://me.sap.com/notes/3355658 Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-11-14 01:15

Updated : 2023-11-20 19:51

NVD link : CVE-2023-31403

Mitre link : CVE-2023-31403

CVE.ORG link : CVE-2023-31403

JSON object : View

Products Affected

sap

  • business_one
CWE
CWE-863

Incorrect Authorization

CWE-284

Improper Access Control