CVE-2021-27613

Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to install SAP Business One, allows an attacker to exploit an insecure temporary folder for incoming & outgoing payroll data and to access information which would otherwise be restricted, which could lead to Information Disclosure and highly impact system confidentiality, integrity and availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
sapchef_business-one-cookbook
0.1.9
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/3049755
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
https://launchpad.support.sap.com/#/notes/3049755
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655