CVE-2026-24319

EUVD-2026-6390
In SAP Business One, sensitive information is written to the applications memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
sapCNA
5.8 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
sapbusiness_one
10.0
sapbusiness_one
10.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://me.sap.com/notes/3679346
https://url.sap/sapsecuritypatchday