SAP Business One Version 10.0 Local Browser-Based Authentication Bypass Vulnerability

SAP Business One Version 10.0 Local Browser-Based Authentication Bypass Vulnerability

CVE-2021-33700 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SAP Business One, version - 10.0, allows a local attacker with access to the victim's browser under certain circumstances, to login as the victim without knowing his/her password. The attacker could so obtain highly sensitive information which the attacker could use to take substantial control of the vulnerable application.

Learn more about our Web Application Penetration Testing UK.