Enterprise software giant SAP has fixed a serious improper access control issue in its Business One product.
The SAP November 2023 Security Patch Day includes three new and three revised security notes. The most serious, rated “hot news”, concerns the installation of the SAP Business One software and is tracked as CVE-2023-31403, an improper access control vulnerability (CVSS score of 9.6).
The alert states that the SAP Business One version 10.0 installation “does not perform proper authentication and authorization checks” for the SMB shared folder. Consequently, any malicious user may read and write to the SMB shared folder. Furthermore, the installation procedure may use or execute the files in the folder, which could have a significant impact on availability, confidentiality, and integrity.
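As a complement to applying SAP's fix, an administrator can check whether the shared folder is writable by broad groups. The script below is an added example, not code from SAP or from the alert; it assumes a Windows host with the built-in SmbShare cmdlets, and `<SHARE-NAME>` is a placeholder for the share name used in your installation.

```powershell
# Added example: audit one SMB share for write access granted to "any user" groups.
# Run on the server that hosts the share, in an elevated PowerShell session.
param(
    [string]$ShareName = '<SHARE-NAME>'   # placeholder: share name of the Business One shared folder
)

# Well-known SIDs (language-independent) for groups that effectively mean "anyone".
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}

function Resolve-Sid([string]$Account) {
    try {
        ([System.Security.Principal.NTAccount]$Account).Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch { $null }   # unresolvable account: cannot be one of the well-known groups
}

$share    = Get-SmbShare -Name $ShareName -ErrorAction Stop
$findings = @()

# 1) Share-level ACL: Change or Full allows writing over SMB.
foreach ($ace in Get-SmbShareAccess -Name $ShareName) {
    $sid = Resolve-Sid $ace.AccountName
    if ("$($ace.AccessControlType)" -eq 'Allow' -and "$($ace.AccessRight)" -in 'Change','Full' `
            -and $sid -and $broadSids.ContainsKey($sid)) {
        $findings += [pscustomobject]@{ Layer = 'Share'; Principal = $broadSids[$sid]; Right = "$($ace.AccessRight)" }
    }
}

# 2) NTFS ACL on the shared path: look for the file-write bits.
#    ACEs stored as raw generic rights are not decoded here and need manual review.
$fsr       = [System.Security.AccessControl.FileSystemRights]
$writeBits = $fsr::WriteData -bor $fsr::AppendData
foreach ($rule in (Get-Acl -LiteralPath $share.Path).Access) {
    $sid = Resolve-Sid $rule.IdentityReference.Value
    if ("$($rule.AccessControlType)" -eq 'Allow' -and ($rule.FileSystemRights -band $writeBits) `
            -and $sid -and $broadSids.ContainsKey($sid)) {
        $findings += [pscustomobject]@{ Layer = 'NTFS'; Principal = $broadSids[$sid]; Right = "$($rule.FileSystemRights)" }
    }
}

# Effective access is the intersection of both layers: a principal listed under
# 'Share' AND 'NTFS' can modify files that the installation may later use or execute.
if ($findings) { $findings | Sort-Object Principal, Layer | Format-Table -AutoSize }
else { "No broad write access found on share '$ShareName' ($($share.Path))." }
```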