PT-2021-6148 · SAP · SAP Business One

Published: 2021-08-13 · Updated: 2021-09-28 · CVE-2021-33698

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Business One version 10.0

Description: SAP Business One does not adequately restrict file uploads, allowing a remote attacker to upload and execute arbitrary files. An attacker holding business authorization can upload any file, including script files, because the application does not properly validate the file format before accepting the upload.

Recommendations: For SAP Business One version 10.0, restrict file upload capabilities to authorized personnel and validate file formats before accepting uploads. As a temporary workaround, consider disabling file upload functionality until a patch is available.
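The following is an added illustration of the server-side checks whose absence the description refers to, not SAP code and not the vendor's fix: an extension allowlist, a content-signature check so the bytes must match the claimed type, and a server-chosen storage name. All function names, the allowlist, the size limit and the sample uploads are assumptions constructed for the example.

```python
"""Server-side validation for a business-document upload endpoint.

Added example (not SAP Business One code): shows the checks the advisory
says are missing - an extension allowlist, a content signature check,
and a stored filename that never comes from the client.
"""
import os
import secrets

# Allowlist of document types a business user may attach. Script types
# (.php, .jsp, .aspx, ...) are simply absent rather than blocklisted.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}
MAX_BYTES = 10 * 1024 * 1024  # hypothetical size limit


def validate_upload(client_name: str, content: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Only the *last* extension counts, so
    'photo.jpg.php' is judged as .php, and the leading bytes must match
    the signature registered for that extension."""
    if not content or len(content) > MAX_BYTES:
        return False, "empty or oversized"
    base = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension {ext or '(none)'} not permitted"
    if not content.startswith(ALLOWED[ext]):
        return False, f"content does not match {ext} signature"
    return True, "ok"


def storage_name(ext: str) -> str:
    """Random server-chosen name; the client filename never reaches disk."""
    return secrets.token_hex(16) + ext


# Constructed sample uploads, not real captures.
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n%...",
    "script.php": b"<?php echo 'x'; ?>",
    "photo.jpg.php": b"\xff\xd8\xff\xe0JFIF",
    "fake.png": b"<?php echo 1; ?>",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, validate_upload(name, data))
```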

Fix

Weakness Enumeration

Unrestricted File Upload

Related Identifiers

BDU:2022-01024
CVE-2021-33698

Affected Products

Sap Business One