Critical Flaw Fixed in SAP Business One Product
Software giant SAP has released its November 2023 Security Patch Day, addressing several vulnerabilities in its products. The most severe vulnerability is an improper access control issue in SAP Business One, which could allow a malicious user to read, write, and execute files in the SMB shared folder. Another critical vulnerability relates to a missing authorization check in SAP CommonCryptoLib, which could result in privilege escalation. The remaining security notes address medium-severity vulnerabilities. SAP has not observed any attacks exploiting these vulnerabilities at present.