SAP B1 10.0 SMB Shared Folder auth bypass in installation
CVE-2023-31403 Published on November 14, 2023

Improper Access Control vulnerability in SAP Business One product installation
SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an AuthZ Vulnerability?

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVE-2023-31403 has been classified to as an AuthZ vulnerability or weakness.


Products Associated with CVE-2023-31403

Want to know whenever a new CVE is published for SAP Business One? stack.watch will email you.

SAP Business One
 

Affected Versions

SAP_SE SAP Business One Version 10.0 is affected by CVE-2023-31403

Exploit Probability

EPSS
0.12%
Percentile
31.80%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.