PT-2025-10672 · Sap · Sap Business One

Published

2025-03-10

Updated

2025-03-11

CVE-2025-26658

CVSS v3.1

6.8

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions SAP Business One (affected versions not specified)

Description The issue in the Service Layer of SAP Business One allows attackers to potentially gain unauthorized access, impersonate other users, and perform unauthorized actions due to improper session management. This can lead to elevated privileges, enabling attackers to read, modify, and/or write new data. The exploitation requires significant time and effort to gain authenticated sessions of other users. The impact is high on the confidentiality and integrity of the application, with no effect on its availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-384

Related Identifiers

BDU:2025-03174

CVE-2025-26658

Affected Products

Sap Business One

PT-2025-10672 · Sap · Sap Business One

CVE-2025-26658

Weakness Enumeration

Related Identifiers

Affected Products

References · 11