PT-2023-4249 · SAP · SAP Business One

Published

2023-08-08

·

Updated

2024-09-28

·

CVE-2023-37487

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Business One (Service Layer) version 10.0

Description

The issue is related to insufficient protection of service data in the SAP Business One system, which can be exploited by a remote attacker to disclose protected information. An authenticated attacker with deep knowledge can perform certain operations to access unintended data over the network, potentially leading to a high impact on confidentiality.

Recommendations

For SAP Business One (Service Layer) version 10.0, consider restricting access to sensitive data and implementing additional security measures to prevent unauthorized access until a fix is available. As a temporary workaround, limit the ability of authenticated attackers to perform certain operations that could lead to data disclosure.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-04564
CVE-2023-37487

Affected Products

SAP Business One