CVE-2021-33704
First published: Wed Sep 15 2021(Updated: )
The Service Layer of SAP Business One, version - 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users. For an attacker to discover the vulnerable function, no in-depth system knowledge is required. Once exploited via Network stack, the attacker may be able to read, modify or delete restricted data. The impact is that missing authorization can result of abuse of functionality usually restricted to specific users.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Business One | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP Business One vulnerability?
The vulnerability ID for this SAP Business One vulnerability is CVE-2021-33704.
What is the severity level of CVE-2021-33704?
The severity level of CVE-2021-33704 is high with a severity value of 8.8.
How does CVE-2021-33704 affect the SAP Business One software?
CVE-2021-33704 affects the Service Layer of SAP Business One version 10.0.
What can an authenticated attacker do with CVE-2021-33704?
An authenticated attacker can invoke certain functions that would otherwise be restricted to specific users.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-33704?
The Common Weakness Enumeration (CWE) ID for CVE-2021-33704 is 862.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/tags
- agent/type
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap business one
- version/sap business one/10.0