Primary

Context

SAP Business One SLD Backend Service API Encryption Vulnerability Leading to Credential Exposure

Vulnerability

A vulnerability exists in the SAP Business One native client login process, where the SLD backend service improperly encrypts certain APIs. This flaw allows sensitive credentials to be exposed in the HTTP response body, significantly impacting the application's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability leads to the exposure of sensitive credentials, with high implications for the application's confidentiality, integrity, and availability.

Remediation

Users are advised to review and implement the SAP Security Note related to this vulnerability, available through the SAP for Me platform. This vulnerability will also be addressed in the upcoming SAP Security Patch Day.

Added: Sep 9, 2025, 2:21 AM

Updated: Sep 9, 2025, 2:21 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

6.3

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

6.3

remediation

0.0

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Business One SLD Backend Service API Encryption Vulnerability Leading to Credential Exposure

Vulnerability

Impact

Remediation

Affected Products

SAP Business One

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating