CVE-2021-38180
First published: Tue Oct 12 2021(Updated: )
SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Business One | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP Business One vulnerability?
The vulnerability ID for this SAP Business One vulnerability is CVE-2021-38180.
What is the severity level of CVE-2021-38180?
The severity level of CVE-2021-38180 is critical with a CVSS score of 9.8.
How does CVE-2021-38180 exploit SAP Business One?
CVE-2021-38180 exploits SAP Business One by allowing an attacker to inject formulas when exporting data to Excel, leading to CSV injection.
What version of SAP Business One is affected by CVE-2021-38180?
Version 10.0 of SAP Business One is affected by CVE-2021-38180.
Are there any references or additional resources for CVE-2021-38180?
Yes, you can find references and additional resources for CVE-2021-38180 at the following links: [Link 1](https://launchpad.support.sap.com/#/notes/3079427), [Link 2](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983).
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap business one
- version/sap business one/10.0