CVE-2021-27613

7.8 HIGH

📋 TL;DR

This vulnerability in SAP Business One Chef cookbook allows attackers to access sensitive payroll data through insecure temporary folder permissions. It affects organizations using SAP Business One versions 9.2, 9.3, and 10.0 installed via the vulnerable Chef cookbook, potentially exposing confidential employee information.

💻 Affected Systems

Products:
  • SAP Business One Chef cookbook
Versions: 9.2, 9.3, 10.0
Operating Systems: All operating systems where SAP Business One is installed via Chef cookbook
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations using the Chef cookbook for deployment. Manual installations or other deployment methods may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of payroll data including employee personal information, salary details, and financial records, potentially enabling identity theft, financial fraud, and regulatory compliance violations.

🟠

Likely Case

Unauthorized access to payroll files containing sensitive employee information, leading to data privacy breaches and potential insider threats.

🟢

If Mitigated

Limited impact with proper file system permissions and access controls preventing unauthorized folder access.

🌐 Internet-Facing: LOW - This vulnerability requires access to the local file system where SAP Business One is installed.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts with local access can exploit this to access sensitive payroll data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local file system access to the temporary folders used for payroll data processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3049755

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3049755

Restart Required: Yes

Instructions:

1. Download and apply SAP Note 3049755 from the SAP Support Portal.
2. Update the Chef cookbook to secure the temporary folder permissions.
3. Restart affected SAP Business One services.
4. Verify folder permissions are properly configured.

🔧 Temporary Workarounds

Secure Temporary Folder Permissions

Platform: Linux

Manually adjust file system permissions on the temporary folders used for payroll data to restrict access to authorized users only.

chmod 700 /path/to/payroll/temp/folder              # owner-only read, write and traverse; blocks group and world
chown sapuser:sapgroup /path/to/payroll/temp/folder  # hand the folder to the SAP service account (placeholder names)

Windows Folder Security

Platform: Windows

Configure NTFS permissions to restrict access to payroll temporary folders to only necessary service accounts. Explicit deny entries are evaluated before allow entries, so a deny for Everyone would also lock out the service account being granted; instead, remove inherited entries and grant only the accounts that need access (add SYSTEM or Administrators the same way if local administration of the folder is required):

icacls "C:\Path\To\Payroll\Temp" /inheritance:r /grant "SAPServiceAccount":(OI)(CI)F

🧯 If You Can't Patch

  • Implement strict access controls and monitoring on the temporary payroll folders
  • Isolate SAP Business One servers from general network access and implement network segmentation

🔍 How to Verify

Check if Vulnerable:

Check whether SAP Business One 9.2, 9.3, or 10.0 was installed using the Chef cookbook, and verify whether the permissions on the payroll temporary folders are overly permissive (readable by group or other accounts).

Check Version:

Check the SAP Business One version via the SAP GUI, or review the installation logs for the Chef cookbook version.

Verify Fix Applied:

Verify SAP Note 3049755 is applied and temporary folder permissions are properly restricted to authorized users only.
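The following is an added example, not part of the advisory or of SAP's cookbook: a POSIX sh check that covers both the Linux workaround above and the "Verify Fix Applied" step. It reports a directory as a finding when it has any group or other permission bits, or when it is owned by someone other than the expected service user. The directory and user names are placeholders; the demo creates its own constructed directories and touches no payroll data.

```shell
# check_temp_dir_perms DIR [EXPECTED_OWNER]
#   returns 0 when DIR has no group/other permission bits (and, if given,
#   is owned by EXPECTED_OWNER), 1 when it is too permissive or wrongly
#   owned (the vulnerable state this CVE describes), 2 when DIR is missing.
check_temp_dir_perms() {
  dir="$1"
  expected_owner="$2"   # optional; owner check is skipped when empty
  [ -d "$dir" ] || return 2

  # GNU stat first (Linux), BSD stat as a fallback (macOS)
  mode=$(stat -c '%a' "$dir" 2>/dev/null) || mode=$(stat -f '%Lp' "$dir")
  owner=$(stat -c '%U' "$dir" 2>/dev/null) || owner=$(stat -f '%Su' "$dir")

  # Normalise to four octal digits ("700" -> "0700", "1777" unchanged) and
  # keep only the group+other digits; anything but "00" admits other accounts.
  mode=$(printf '%04d' "$mode")
  group_other=${mode#??}
  [ "$group_other" = "00" ] || return 1

  if [ -n "$expected_owner" ] && [ "$owner" != "$expected_owner" ]; then
    return 1
  fi
  return 0
}

# Demonstration on constructed directories under a scratch location.
demo_temp_dir_check() {
  base=$(mktemp -d)
  mkdir -m 0755 "$base/permissive"   # a typical default: group and world readable
  mkdir -m 0700 "$base/restricted"   # what the workaround's chmod 700 produces
  for d in permissive restricted; do
    if check_temp_dir_perms "$base/$d"; then
      echo "OK      $base/$d"
    else
      echo "FINDING $base/$d is accessible to other accounts"
    fi
  done
  rm -rf "$base"
}

demo_temp_dir_check
```

Run it against the real payroll temporary folder with the service user as the second argument, e.g. `check_temp_dir_perms /path/to/payroll/temp/folder sapuser`; a non-zero exit from a scheduled run is a cheap drift alarm for the permission change the fix is supposed to make permanent.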

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to payroll temporary folders
  • File permission changes on payroll directories
  • Unusual file access patterns from non-service accounts

Network Indicators:

  • Unusual file transfers from SAP Business One servers
  • Lateral movement attempts to SAP servers

SIEM Query:

source="windows-security" EventID=4663 ObjectType="File" ObjectName="*payroll*temp*"

Event ID 4663 is only recorded when "Audit File System" object-access auditing is enabled and an audit SACL has been set on the payroll folder itself; without both, this query returns nothing even while the folder is being read.
