CVE-2023-41365
First published: Tue Oct 10 2023(Updated: )
SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Business One | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-41365?
The severity of CVE-2023-41365 is medium with a severity value of 4.3.
How does CVE-2023-41365 affect SAP Business One?
CVE-2023-41365 allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which can lead to information disclosure.
What is the impact of CVE-2023-41365?
The successful exploitation of CVE-2023-41365 can cause limited impact on the confidentiality but no impact on integrity and availability.
How can I fix CVE-2023-41365?
To fix CVE-2023-41365, it is recommended to apply the necessary security patches and updates provided by SAP.
Where can I find more information about CVE-2023-41365?
More information about CVE-2023-41365 can be found in the SAP Security Note 3338380 and the SAP document provided.
- collector/nvd-api
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/sap
- canonical/sap business one
- version/sap business one/10.0