CVE-2026-24319

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

CVSS v3 5.8 MEDIUM

5.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.6 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://me.sap.com/notes/3679346	Permissions Required
https://url.sap/sapsecuritypatchday	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:business_one:10.0:::::::*
	cpe:2.3:a:sap:business_one:10.0:::::sap_hana::

History

No history.

Information

Published : 2026-02-10 04:16

Updated : 2026-02-17 15:30

NVD link : CVE-2026-24319

Mitre link : CVE-2026-24319

CVE.ORG link : CVE-2026-24319

JSON object : View

Products Affected

sap

business_one

CWE

CWE-316

Cleartext Storage of Sensitive Information in Memory

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2026-24319", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.6}]}, "published": "2026-02-10T04:16:03.820", "references": [{"url": "https://me.sap.com/notes/3679346", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://url.sap/sapsecuritypatchday", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-316"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability."}, {"lang": "es", "value": "En SAP Business One, la informaci\u00f3n sensible se escribe en los archivos de volcado de memoria de la aplicaci\u00f3n sin ofuscaci\u00f3n. Obtener acceso a esta informaci\u00f3n podr\u00eda potencialmente conducir a operaciones no autorizadas dentro del entorno B1, incluyendo la modificaci\u00f3n de datos de la empresa. Este problema resulta en un alto impacto en la confidencialidad y la integridad, sin impacto en la disponibilidad."}], "lastModified": "2026-02-17T15:30:20.280", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "391F491C-2DE8-44E5-B054-42F188161C8A"}, {"criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:sap_hana:*:*", "vulnerable": true, "matchCriteriaId": "C1A6AF0B-16D1-4D03-A972-518B3D8242AA"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}