PT-2021-21989 · Microsoft+1 · Office Excel+1

Published: 2021-10-12 · Updated: 2021-10-19 · CVE-2021-38180

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Business One version 10.0
Description: The issue allows an attacker to inject formulas when exporting data to Excel due to improper sanitization during the data export, which can lead to the execution of arbitrary commands on the victim's computer. This is possible only if the victim allows macro execution while opening the file and the security settings of Excel permit command execution.
Recommendations: For SAP Business One version 10.0, consider disabling the export to Excel feature until a patch is available to prevent CSV injection attacks. Additionally, users should be cautious when opening Excel files and avoid enabling macro execution unless necessary, and review their Excel security settings to restrict command execution.
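The following is an added example, not SAP's fix and not code from this advisory: one way an export routine can neutralise formula-trigger characters before cells are written to a CSV file that Excel will open. The function names and sample rows are constructed, and the apostrophe-prefix approach is an assumption based on common CSV-injection guidance.

```python
import csv
import io

# Leading characters that cause a spreadsheet to evaluate a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def neutralise_cell(value):
    """Return a value the spreadsheet will show as text instead of evaluating."""
    if value is None:
        return ""
    if isinstance(value, (int, float)):
        return value  # typed numbers pass through, so -120.5 stays numeric
    text = str(value)
    # Conservative assumption: also inspect the text after leading whitespace,
    # in case the consuming application trims it before parsing the cell.
    if text.startswith(FORMULA_TRIGGERS) or text.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + text  # a leading apostrophe marks the cell as literal text
    return text


def export_rows(rows):
    """Serialise rows to CSV with every field quoted and every cell neutralised."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    for row in rows:
        writer.writerow([neutralise_cell(cell) for cell in row])
    return buf.getvalue()


# Constructed sample data: user-controlled fields next to typed numeric fields.
SAMPLE_ROWS = [
    ["Customer", "Balance", "Note"],
    ["ACME Ltd", -120.5, "=SUM(B2:B9)"],
    ["@home supplies", 40, "call back on +1 555 0100"],
]

if __name__ == "__main__":
    print(export_rows(SAMPLE_ROWS), end="")
```

String values that legitimately begin with one of these characters (for example a phone number entered as `+1 555 0100`) are shown with a leading apostrophe, which is the trade-off of neutralising at export time.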

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2021-38180

Affected Products

Office Excel
SAP Business One