CVE-2019-0353

low-risk
Published 2019-09-10

Under certain conditions SAP Business One client (B1_ON_HANA, SAP-M-BO), before versions 9.2 and 9.3, allows an attacker to access information which would otherwise be restricted.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (2)

Business One Client
Business One Client

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2768864
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
Permissions Required https://launchpad.support.sap.com/#/notes/2768864
Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506
20
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 7/34 · Low