CVE-2020-6239

low-risk

Published 2020-06-10

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.4/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Business One

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2908382

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Permissions Required https://launchpad.support.sap.com/#/notes/2908382

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low