CVE-2022-31593

8.8 HIGH

📋 TL;DR

CVE-2022-31593 is a code injection vulnerability in SAP Business One client version 10.0 that allows authenticated attackers with low privileges to execute arbitrary code within the application. This could lead to complete compromise of the client system. Organizations using SAP Business One version 10.0 are affected.

💻 Affected Systems

Products:
  • SAP Business One client
Versions: Version 10.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with low privileges; not applicable to SAP Business One server components.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover, data exfiltration, lateral movement within the network, and persistent backdoor installation.

🟠 Likely Case

Privilege escalation to administrative rights, data theft, and installation of malware on affected client systems.

🟢 If Mitigated

Limited impact if proper network segmentation, least privilege access, and application whitelisting are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access; CWE-74 indicates improper neutralization of special elements in output used by a downstream component.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3191012

Vendor Advisory: https://launchpad.support.sap.com/#/notes/3191012

Restart Required: Yes

Instructions:

1. Download the patch from the SAP Support Portal using Note 3191012.
2. Apply the patch to all affected SAP Business One client installations.
3. Restart the client applications.
4. Verify patch application by checking the version.

🔧 Temporary Workarounds

Restrict User Privileges

Platform: windows

Apply principle of least privilege to limit potential damage from exploitation.

Network Segmentation

Platform: all

Isolate SAP Business One clients from critical systems to contain potential lateral movement.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent execution of unauthorized code.
  • Deploy endpoint detection and response (EDR) solutions with behavioral monitoring for code injection patterns.

🔍 How to Verify

Check if Vulnerable:

Check the SAP Business One client version; if it is 10.0 without SAP Note 3191012 applied, the system is vulnerable.

Check Version:

Check version in SAP Business One client interface or registry: HKEY_LOCAL_MACHINE\SOFTWARE\SAP\SAP Business One\Version

Verify Fix Applied:

Verify SAP Note 3191012 is applied through SAP Business One administration tools or version check.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from SAP Business One client
  • Suspicious command injection patterns in application logs

Network Indicators:

  • Unexpected outbound connections from SAP Business One clients
  • Anomalous traffic to unusual destinations

SIEM Query:

Process creation where parent process contains 'SAP Business One' AND (command line contains suspicious patterns like 'cmd.exe', 'powershell.exe', or encoded commands)
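The query above as executable detection logic, added here as an example (not from the advisory or from SAP): it runs over constructed Sysmon-style process-creation records and flags children of the SAP Business One client that are shells or carry an encoded PowerShell command. The install path, executable name and field names are assumptions; `pwsh.exe` is included beyond the page's own list.

```python
import re
from typing import Dict, List

# Constructed process-creation events (Sysmon Event ID 1 style fields).
# The SAP Business One install path and executable name are assumptions.
SAP_B1 = r"C:\Program Files\SAP\SAP Business One\SAP Business One.exe"
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ParentImage": SAP_B1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ParentImage": SAP_B1,
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc QQBCAEMA"},
    {"ParentImage": SAP_B1,  # benign helper child, should not be flagged
     "Image": r"C:\Program Files\SAP\SAP Business One\Licensing.exe",
     "CommandLine": "Licensing.exe --refresh"},
    {"ParentImage": r"C:\Windows\explorer.exe",  # shell, but wrong parent
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c dir"},
]

# Shell interpreters the query names, plus pwsh.exe (PowerShell 7).
SHELL_CHILDREN = ("cmd.exe", "powershell.exe", "pwsh.exe")
# -e / -ec / -enc / -EncodedCommand followed by a base64-looking token.
ENCODED_CMD = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{8,}")


def is_sap_b1_parent(event: Dict[str, str]) -> bool:
    """Parent process path contains 'SAP Business One' (case-insensitive)."""
    return "sap business one" in event.get("ParentImage", "").lower()


def classify(event: Dict[str, str]) -> List[str]:
    """Return the reasons a child process looks suspicious (empty if none)."""
    reasons: List[str] = []
    image = event.get("Image", "").rsplit("\\", 1)[-1].lower()
    if image in SHELL_CHILDREN:
        reasons.append(f"shell child: {image}")
    if ENCODED_CMD.search(event.get("CommandLine", "")):
        reasons.append("encoded PowerShell command")
    return reasons


def find_suspicious(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Apply the SIEM query: SAP Business One parent AND suspicious child."""
    hits: List[Dict[str, object]] = []
    for ev in events:
        if not is_sap_b1_parent(ev):
            continue
        reasons = classify(ev)
        if reasons:
            hits.append({"Image": ev["Image"], "reasons": reasons})
    return hits
```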
