CVE Vulnerabilities

CVE-2021-42066

Cleartext Storage of Sensitive Information

Published: Dec 14, 2021 | Modified: Nov 21, 2024
CVSS 3.x
4.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
3.5 LOW
AV:N/AC:M/Au:S/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover vulnerable function in-depth application knowledge is required, but once exploited the attacker may be able to completely compromise confidentiality, integrity, and availability of the application.

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

Name Vendor Start Version End Version
Business_one Sap 10.0 (including) 10.0 (including)

Potential Mitigations

References