Default Debug Function in SAP Business One Integration Admin UI Exposes User Credentials

Default Debug Function in SAP Business One Integration Admin UI Exposes User Credentials

CVE-2021-38179 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.

Learn more about our User Device Pen Test.