CVE-2021-38179

EUVD-2021-24649
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
Affected Products (NVD)
VendorProductVersion
sapbusiness_one
10.0
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/3074819
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
https://launchpad.support.sap.com/#/notes/3074819
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983