CVE-2021-38179
4.9 MEDIUMDebug function of Admin UI of SAP Business One Integration is enabled by default
Published: 2021-10-12 · Last updated: 2026-06-17
Severity and scoring
- CVSS
- 4.9 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected products
| Vendor | Product |
|---|---|
| sap | business_one |
Description
Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-38179
- [Other]https://launchpad.support.sap.com/#/notes/3074819
- [Vendor advisory]https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
- [Other]https://launchpad.support.sap.com/#/notes/3074819
- [Vendor advisory]https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983
Related CVEs
Same vendor
- CVE-2026-27680 — Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascad... (3.1 LOW)
- CVE-2026-40135 — An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authentica... (6.5 MEDIUM)
- CVE-2026-27682 — Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (Applications based on Business Serv... (4.7 MEDIUM)
- CVE-2026-34257 — Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft malicious URL tha... (6.1 MEDIUM)
- CVE-2026-27674 — Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could suppl... (6.1 MEDIUM)