CVE-2020-6239

Published: Jun 10, 2020Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

Affected (2)

Products: Sap: Business One

Sap

1 product

Business One

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Business One	Version 10.0
Sap Business One	Version 9.3

Related CWEs

CWE-522

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (4)

https://launchpad.support.sap.com/#/notes/2908382

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2908382

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.