PT-2022-3954 · SAP · SAP HANA +1

Published: 2022-06-02 · Updated: 2023-01-30 · CVE-2022-32249

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Business One and SAP HANA versions prior to 10.0

Description

The issue is related to insufficient access control in the Cockpit component of SAP Business One and SAP HANA systems, allowing a remote attacker to gain unauthorized access to sensitive information. Under specific integration scenarios, an attacker can exploit the HANA cockpit's data volume to access highly sensitive information, such as high-privileged account credentials.

Recommendations

For SAP Business One and SAP HANA versions prior to 10.0, update to version 10.0 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2022-04786
CVE-2022-32249

Affected Products

SAP Business One
SAP HANA