CVE-2023-33993

Name of the Vulnerable Software and Affected Versions SAP Business One B1i module version 10.0

Description The issue is related to the lack of protection of the SQL query structure in the B1i Layer component of SAP Business One. This allows a remote attacker to send specially crafted queries to read, modify, or delete data. An authenticated user with deep knowledge can exploit this to cause a high impact on the confidentiality, integrity, and availability of the application.

Recommendations For SAP Business One B1i module version 10.0, consider restricting access to the SQL query functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability of authenticated users to send crafted queries over the network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.