SAP B1 10.0 B1i Remote Query SQL Injection
CVE-2023-33993 Published on August 8, 2023

SQL Injection vulnerability in SAP Business One B1i Layer
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application.

NVD

Vulnerability Analysis

CVE-2023-33993 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a SQL Injection Vulnerability?

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

CVE-2023-33993 has been classified to as a SQL Injection vulnerability or weakness.


Products Associated with CVE-2023-33993

Want to know whenever a new CVE is published for SAP Business One? stack.watch will email you.

SAP Business One
 

Affected Versions

SAP_SE SAP Business One (B1i Layer) Version 10.0 is affected by CVE-2023-33993

Exploit Probability

EPSS
0.23%
Percentile
45.28%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.