CVE-2021-27616

Under certain conditions, SAP Business One Hana Chef Cookbook, versions - 8.82, 9.0, 9.1, 9.2, 9.3, 10.0, used to install SAP Business One for SAP HANA, allows an attacker to exploit an insecure temporary backup path and to access information which would otherwise be restricted, resulting in Information Disclosure vulnerability highly impacting the confidentiality, integrity and availability of the application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
sapbusiness-one-hana-chef-cookbook
0.1.6
sapbusiness-one-hana-chef-cookbook
0.1.7
sapbusiness-one-hana-chef-cookbook
0.1.19
sapbusiness_one
8.82
sapbusiness_one
9.0
sapbusiness_one
9.1
sapbusiness_one
9.2
sapbusiness_one
9.3
sapbusiness_one
10.0
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/3049661
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655
https://launchpad.support.sap.com/#/notes/3049661
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655