CVE-2021-42066

Name of the Vulnerable Software and Affected Versions SAP Business One version 10.0

Description The issue allows an admin user to view the database password in plain text over the network, which should otherwise be encrypted. An attacker requires in-depth application knowledge to discover the vulnerable function, but once exploited, it may lead to a complete compromise of the application's confidentiality, integrity, and availability.

Recommendations For SAP Business One version 10.0, consider restricting access to the database password or implementing additional encryption measures to protect the password in transit. As a temporary workaround, limit administrative access to trusted users only until a more permanent solution is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.