CVE-2025-26658

Published 11/03/2025 01:15 · Modified 11/03/2025 01:15

Labels: CVE-2025-26658, 2025-03-11, CWE-384

Essential information

Published: 11/03/2025 01:15
Modified: 11/03/2025 01:15
Author:
Creator:
CVSS: 6.8 MEDIUM (v3.1)
CISA KEV: No
CWE: CWE-384
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Description

The Service Layer in SAP Business One allows attackers to potentially gain unauthorized access and impersonate other users in the application to perform unauthorized actions. Due to improper session management, attackers can elevate themselves to higher privileges and can read, modify and/or write new data. To gain authenticated sessions of other users, the attacker must invest considerable time and effort. This vulnerability has a high impact on the confidentiality and integrity of the application, with no effect on the availability of the application.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product: sap / business one
CPE: cpe:2.3:a:sap:business_one:*:*:*:*:*:*:*:*
