Main Vulnerability Database Vulnerabilities #VU55669

#VU55669 Arbitrary file upload in SAP Business One - CVE-2021-33698

Published: August 10, 2021

Vulnerability identifier: #VU55669

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-33698

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SAP Business One

Software vendor:
SAP

Description

The vulnerability allows a remote user to compromise vulnerable system.

The vulnerability exists due to insufficient validation of file during file upload in SAP Business One. A remote authenticated user can upload a malicious file and execute it on the server.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Remediation

Install updates from vendor's website.

External links

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806
https://launchpad.support.sap.com/#/notes/3071984

#VU55669 Arbitrary file upload in SAP Business One - CVE-2021-33698

Description

Remediation

External links

Please verify you're human