CVE-2021-38179

Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
sapbusiness_one
10.0
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/3074819
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
https://launchpad.support.sap.com/#/notes/3074819
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983