PT-2023-5923 · Sap · Sap Business One

Published: 2023-10-10 · Updated: 2024-09-26 · CVE-2023-41365

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: SAP Business One (B1i) version 10.0

Description: The vulnerability lies in the error reporting mechanism of SAP Business One, which allows an authorized attacker to retrieve the details of a fault message. This can be exploited to conduct an XXE (XML External Entity) injection, leading to information disclosure. Successful exploitation has a limited impact on confidentiality and no impact on integrity or availability. A remote attacker can exploit the vulnerability to gain unauthorized access to protected information.

Recommendations: For SAP Business One (B1i) version 10.0, restrict access to error messages and stack traces to minimize the risk of exploitation. As a temporary workaround, consider disabling the error reporting feature until a patch is available.

Fix

Weakness Enumeration

XXE
Generation of Error Message Containing Sensitive Information

Related Identifiers

BDU:2023-06619
CVE-2023-41365

Affected Products

Sap Business One