PT-2022-3937 · Sap · Sap Business One License Service Api

Published

2022-04-06

·

Updated

2023-08-14

·

CVE-2022-28771

CVSS v2.0

7.8

High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: SAP Business One License service API version 10.0
Description: The vulnerability is a missing authentication check in the SAP Business One License service API. An unauthenticated attacker who can reach the API over the network can send specially crafted HTTP requests to it; successful exploitation breaks the whole application and makes it inaccessible. The impact is a denial of service: no loss of confidentiality or integrity is attributed to the issue, as the CVSS vector (C:N/I:N/A:C) reflects.
Recommendations: The missing authentication check has to be added in the product itself, so the fix for SAP Business One License service API version 10.0 must come from SAP; apply the vendor correction from SAP's security notes as soon as it is available. Until then, restrict network access to the License service API to the hosts and administrative networks that actually need it (firewall rules or an allowlist on a reverse proxy in front of the service) so that untrusted clients cannot reach it, and watch the API for requests from unexpected sources. At the time of this advisory's last update, no fixed version was listed.
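The two controls the recommendation describes, an authentication check inside the application (the fix that belongs to the vendor) and a network allowlist in front of the service (the interim workaround), in a constructed Python model. This is an added illustration, not SAP's code and not the License service API: the endpoint path /license/reset, the bearer token and the trusted network are placeholders, and the "service" is a toy object whose only behaviour is to become unavailable, modelling the availability-only impact the advisory describes.

```python
"""Constructed model of a missing-authentication defect in an HTTP management API.

Not SAP code. The endpoint, token and trusted network below are placeholders.
"""
import hmac
import ipaddress
from dataclasses import dataclass, field

# Placeholder credential and trusted network (assumptions for the example only).
API_TOKEN = "example-token-do-not-use"
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]


@dataclass
class Request:
    method: str
    path: str
    client_ip: str
    headers: dict = field(default_factory=dict)


@dataclass
class Response:
    status: int
    body: str


class LicenseService:
    """Toy service: one state-changing endpoint that takes the service down
    until it is re-provisioned, modelling an availability-only impact."""

    def __init__(self):
        self.available = True

    def reset(self):
        self.available = False
        return Response(200, "license state cleared")


def handle_vulnerable(svc, req):
    """Vulnerable pattern: routes straight to a privileged action with no
    authentication check, so any client that can reach the port can call it."""
    if req.method == "POST" and req.path == "/license/reset":  # hypothetical path
        return svc.reset()
    return Response(404, "not found")


def is_authenticated(req):
    """Bearer-token check; compare_digest keeps the comparison constant-time."""
    scheme, _, token = req.headers.get("Authorization", "").partition(" ")
    return scheme == "Bearer" and hmac.compare_digest(token, API_TOKEN)


def handle_fixed(svc, req):
    """Vendor-side fix: authenticate before any routing, unknown paths included,
    so an unauthenticated caller can neither change state nor enumerate routes."""
    if not is_authenticated(req):
        return Response(401, "authentication required")
    return handle_vulnerable(svc, req)


def network_allowlist(handler):
    """Interim workaround from the advisory: a wrapper that refuses clients
    outside TRUSTED_NETS before the (possibly unpatched) handler runs."""

    def wrapped(svc, req):
        if not any(ipaddress.ip_address(req.client_ip) in net for net in TRUSTED_NETS):
            return Response(403, "forbidden")
        return handler(svc, req)

    return wrapped


def demo():
    """Send one unauthenticated request from outside the trusted network to
    each variant; returns {variant: (status, service_still_available)}."""
    attack = Request("POST", "/license/reset", "203.0.113.5")  # constructed input
    results = {}
    for name, handler in [
        ("vulnerable", handle_vulnerable),
        ("fixed", handle_fixed),
        ("allowlisted", network_allowlist(handle_vulnerable)),
    ]:
        svc = LicenseService()
        resp = handler(svc, attack)
        results[name] = (resp.status, svc.available)
    return results


if __name__ == "__main__":
    for name, (status, up) in demo().items():
        print(f"{name:12s} status={status} service_available={up}")
```

The order of checks in handle_fixed is the point: authentication runs before routing, so an unauthenticated client gets the same 401 for every path. The allowlist wrapper does not make the service correct, it only shrinks who can reach the defect, which is why it is a workaround and not a fix.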

Weakness Enumeration

Missing Authentication

Improper Authentication

Related Identifiers

BDU:2022-04766
CVE-2022-28771

Affected Products

Sap Business One License Service Api