PT-2021-20280 · SAP · SAP Business One
Published: 2021-09-15 · Updated: 2021-09-28 · CVE-2021-33704
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Business One version 10.0
Description: The Service Layer of SAP Business One allows an authenticated attacker to invoke certain functions that should be restricted to specific users. No in-depth knowledge of the system is required to discover the vulnerable function. The flaw is exploitable over the network; a successful attacker may be able to read, modify, or delete restricted data. The impact is that the missing authorization check allows the abuse of functionality normally restricted to specific users.
Recommendations: For SAP Business One version 10.0, consider restricting access to the vulnerable functions until a patch is available. As a temporary workaround, limit the invocation of restricted functions to authorized users only. Additionally, monitor network activity for potential exploitation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
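The following is an added, generic illustration of the weakness class behind this entry (missing authorization) and of the workaround the recommendations describe. It is not SAP Business One code and makes no claim about how the Service Layer is implemented: the service functions, role names and invoice data are all hypothetical, constructed for the example. The vulnerable handler checks only that the caller is authenticated; the hardened handler additionally checks a per-function role requirement, denies by default for functions with no registered requirement, and logs every denial so that exploitation attempts show up in monitoring.

```python
"""Generic illustration of CWE-862 (missing authorization) in a service
dispatcher, beside the hardened form with a per-function permission check.
Hypothetical example; not SAP Business One's Service Layer code."""
from dataclasses import dataclass, field
import logging

logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")
log = logging.getLogger("service_layer_example")


@dataclass
class Session:
    """An authenticated session: the user is known and roles drive authorization."""
    user: str
    roles: frozenset


@dataclass
class Ledger:
    """Constructed in-memory data standing in for restricted business data."""
    entries: dict = field(default_factory=lambda: {"inv-1": 100.0, "inv-2": 250.0})


class PermissionDenied(Exception):
    pass


# --- Vulnerable pattern: authentication is checked, authorization is not ----
def delete_invoice_vulnerable(session: Session, ledger: Ledger, invoice_id: str) -> bool:
    """Any authenticated caller can invoke this restricted function."""
    if session is None:                      # only "is the caller logged in?"
        raise PermissionDenied("not authenticated")
    return ledger.entries.pop(invoice_id, None) is not None


# --- Hardened pattern: explicit permission check, denials are logged --------
# Hypothetical map of restricted functions to the role allowed to invoke them.
REQUIRED_ROLE = {"delete_invoice": "finance_admin"}


def authorize(session: Session, function_name: str) -> None:
    """Raise unless the session holds the role required for function_name.
    Functions with no registered requirement are denied (deny by default)."""
    required = REQUIRED_ROLE.get(function_name)
    if required is None or required not in session.roles:
        # A denied call is the signal a defender wants in the audit trail.
        log.warning("authz denied user=%s function=%s", session.user, function_name)
        raise PermissionDenied(f"{session.user} may not call {function_name}")


def delete_invoice_hardened(session: Session, ledger: Ledger, invoice_id: str) -> bool:
    """Same operation, but authorization is enforced before the data is touched."""
    if session is None:
        raise PermissionDenied("not authenticated")
    authorize(session, "delete_invoice")    # authorization, not just authentication
    return ledger.entries.pop(invoice_id, None) is not None


def demo() -> dict:
    """Run both variants with a low-privilege user; returns outcomes for checking."""
    clerk = Session(user="clerk", roles=frozenset({"sales_clerk"}))
    admin = Session(user="admin", roles=frozenset({"finance_admin"}))
    result = {}

    ledger = Ledger()
    # Vulnerable: the clerk, who is merely authenticated, deletes restricted data.
    result["vulnerable_clerk_deleted"] = delete_invoice_vulnerable(clerk, ledger, "inv-1")

    ledger = Ledger()
    # Hardened: the same call is refused and logged; the admin's call succeeds.
    try:
        delete_invoice_hardened(clerk, ledger, "inv-1")
        result["hardened_clerk_deleted"] = True
    except PermissionDenied:
        result["hardened_clerk_deleted"] = False
    result["hardened_admin_deleted"] = delete_invoice_hardened(admin, ledger, "inv-1")
    result["remaining"] = sorted(ledger.entries)
    return result


if __name__ == "__main__":
    print(demo())
```

The design point is that the role check lives inside the restricted function itself rather than being left to the caller, so every path into the function is covered, and that the check denies by default when a function has no registered requirement. The warning emitted on denial is the hook for the monitoring the recommendations ask for: repeated denials from one session are a concrete signal to alert on.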

Weakness Enumeration: Missing Authorization
Related Identifiers: CVE-2021-33704
Affected Products: SAP Business One