Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2908382 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-06-10 06:15
Updated : 2021-07-21 04:39
NVD link : CVE-2020-6239
Mitre link : CVE-2020-6239
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
sap
- business_one