Description
SAP Business One, version 10.0, allows a local attacker with access to the victim's browser, under certain circumstances, to log in as the victim without knowing his/her password. The attacker could thereby obtain highly sensitive information, which the attacker could use to take substantial control of the vulnerable application.
References
- Permissions Required
- Patch, Vendor Advisory
- Permissions Required
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*
EPSS
Percentile: 10%
0.00036
Low
CVSS3: 7 High
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-288
CWE-287
Related vulnerabilities
github
more than 3 years ago
SAP Business One, version 10.0, allows a local attacker with access to the victim's browser, under certain circumstances, to log in as the victim without knowing his/her password. The attacker could thereby obtain highly sensitive information, which the attacker could use to take substantial control of the vulnerable application.
EPSS
Percentile: 10%
0.00036
Low
CVSS3: 7 High
CVSS3: 7.8 High
CVSS2: 4.6 Medium
Weaknesses
CWE-288
CWE-287