CVE-2021-33700

September 28, 2021

SAP Business One, version – 10.0, allows a local attacker with access to the victim’s browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

Summary:

SAP Business One, version – 10.0, allows a local attacker with access to the victim’s browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

Reference Links(if available):

  • https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
  • https://launchpad.support.sap.com/#/notes/3073325

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image 1

    CVE Alert: CVE-2024-50527

    November 5, 2024
    image 1

    CVE Alert: CVE-2024-50528

    November 5, 2024
    image 1

    CVE Alert: CVE-2024-50526

    November 5, 2024
    image 1

    CVE Alert: CVE-2024-51582

    November 5, 2024
    image 1

    CVE Alert: CVE-2024-51665

    November 5, 2024