CVE-2022-35168

Name of the Vulnerable Software and Affected Versions SAP Business One version 10.0

Description The issue is related to improper input sanitization of XML input, which can lead to a denial-of-service attack, rendering the system temporarily inoperative. This can be exploited by an attacker to cause a disruption in service. The vulnerability is also associated with errors in XML external entity (XXE) references, allowing a remote attacker to cause a denial of service.

Recommendations For SAP Business One version 10.0, update the system to a version that includes proper input sanitization of XML input to prevent denial-of-service attacks. As a temporary workaround, consider restricting XML input to trusted sources until a patch is available.