Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6239

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

Published

2020-06-10T13:15:17.743

Last Modified

2024-11-21T05:35:21.657

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.4 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-522

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	business_one	9.3	Yes
Application	sap	business_one	10.0	Yes

References

https://launchpad.support.sap.com/#/notes/2908382 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/2908382 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)