CVE-2023-31403

9.6 CRITICAL

📋 TL;DR

SAP Business One 10.0 does not properly authenticate or authorize access to the SMB shared folder used by its installation process. An attacker who can reach that share over the network, with no credentials at all, can read and write its contents, and files placed there can be executed or picked up by the installer, so confidentiality, integrity and availability of the application are all at high risk. Every installation of the affected version whose share is reachable is exposed, up to and including full compromise of the host.

💻 Affected Systems

Products:
  • SAP Business One
Versions: Version 10.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects SMB shared folders used during installation process. Requires network access to the SMB share.

📦 What is this software?

SAP Business One is SAP's ERP suite for small and mid-sized businesses. Its server components are installed on Windows, and the installation process stages files through an SMB shared folder on the server; that shared folder is the component affected here.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system takeover via arbitrary code execution, data theft, ransomware deployment, and permanent system compromise.

🟠

Likely Case

Unauthorized access to sensitive business data, installation of malware or backdoors, and disruption of business operations.

🟢

If Mitigated

Limited to no impact if proper network segmentation, access controls, and patching are implemented.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the vulnerable SMB share (TCP 445) but no authentication. SMB is seldom exposed to the internet, so the realistic attacker is one who already has a foothold on the internal network; from there, reachability of the share is all that is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply SAP Note 3355658

Vendor Advisory: https://me.sap.com/notes/3355658

Restart Required: Yes

Instructions:

1. Download the patch referenced in SAP Note 3355658.
2. Apply it to every SAP Business One 10.0 installation, including any host that still exports the installation share.
3. Restart the affected systems.
4. Verify that the SMB share permissions are properly configured. The patch fixes the application's checks; an over-permissive share ACL remains a misconfiguration in its own right.

🔧 Temporary Workarounds

Restrict SMB Share Access

windows

Apply strict network access controls to limit SMB share access to authorized systems only.

Use Windows Firewall or network ACLs to restrict access to the SMB ports (TCP 445, plus TCP 139 if the NetBIOS session service is still enabled) so that only the hosts that run the installer can reach the share.

Enforce Share Authentication and Authorization

windows

Configure the share ACL so that only the accounts that run the installer have Change access and Everyone, Guests and ANONYMOUS LOGON have none. Share-level permissions are evaluated together with the NTFS permissions on the underlying folder, so tighten both.

Configure the share via Windows Server Manager or the SmbShare PowerShell module, and require SMB 3 encryption on it: Set-SmbShare -Name ShareName -EncryptData $true -Force (Set-SmbShare has no -RequireIntegrity or -RequirePrivacy parameters; signing is a server-wide setting, Set-SmbServerConfiguration -RequireSecuritySignature $true). Encryption and signing protect the session in transit; it is the ACL that denies the unauthenticated access described by this CVE, so fix the ACL first.
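As an added example (not from SAP Note 3355658 or the original page), the following PowerShell, run as an administrator on the host that exports the installation share, applies both workarounds together: it scopes the firewall's SMB rule to the installer subnet, strips the broad principals from the share and NTFS ACLs, and hardens the SMB server settings. The share name B1_SHR, the group CORP\B1-Installers and the subnet 10.20.30.0/24 are placeholders (assumptions) to replace with your own values.

```powershell
# Added hardening example for the B1 installation share (not SAP's own guidance).
# Placeholders (assumptions): share name, installer group, subnet allowed to reach SMB.
$ShareName    = 'B1_SHR'
$AllowedGroup = 'CORP\B1-Installers'
$AllowedNet   = '10.20.30.0/24'

# 1. Network: keep the default inbound action at Block and scope the built-in
#    SMB allow rule to the installer subnet. Do not add a separate Block rule:
#    in Windows Defender Firewall an explicit Block rule also overrides the Allow.
Set-NetFirewallProfile -All -DefaultInboundAction Block
Get-NetFirewallRule -DisplayName 'File and Printer Sharing (SMB-In)' |
    Set-NetFirewallRule -Enabled True -RemoteAddress $AllowedNet
Get-NetFirewallRule -DisplayName 'File and Printer Sharing (NB-Session-In)' |
    Set-NetFirewallRule -Enabled False          # TCP 139 is not needed for SMB 2/3

# 2. Share ACL: remove the broad principals, grant Change to the installer group only.
foreach ($principal in 'Everyone', 'BUILTIN\Guests', 'NT AUTHORITY\ANONYMOUS LOGON') {
    Revoke-SmbShareAccess -Name $ShareName -AccountName $principal -Force -ErrorAction SilentlyContinue
}
Grant-SmbShareAccess -Name $ShareName -AccountName $AllowedGroup -AccessRight Change -Force

# 3. NTFS ACL on the folder: share and NTFS permissions are intersected, so the
#    folder itself must not be writable by Everyone/Users either. /inheritance:r
#    drops every inherited ACE, so Administrators and SYSTEM are re-granted explicitly.
$path = (Get-SmbShare -Name $ShareName).Path
icacls "$path" /inheritance:r /grant:r "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F" "${AllowedGroup}:(OI)(CI)M"

# 4. Server-wide: no null sessions, mandatory signing, no SMB1; encrypt this share.
Set-SmbServerConfiguration -RestrictNullSessionAccess $true -RequireSecuritySignature $true -EnableSMB1Protocol $false -Force
Set-SmbShare -Name $ShareName -EncryptData $true -Force

# 5. Record the resulting share ACL for the change ticket.
Get-SmbShareAccess -Name $ShareName
```

Step 3 is deliberately more restrictive than the share ACL alone: the installer group gets Modify rather than Full so it cannot change the folder's permissions back, and the whole folder tree is taken out of inheritance so a permissive parent ACL cannot reintroduce Everyone later.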

🧯 If You Can't Patch

  • Isolate affected systems in a segmented network zone with strict access controls.
  • Monitor SMB share access logs for unauthorized activity and implement file integrity monitoring.

🔍 How to Verify

Check if Vulnerable:

Check if SAP Business One version 10.0 is installed and SMB shares are accessible without authentication.

Check Version:

Check SAP Business One version in application interface or installation directory.

Verify Fix Applied:

Verify SAP Note 3355658 is applied and test SMB share access requires proper authentication.
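The version and share checks above, as an added example (not part of the original page or of SAP's documentation). It assumes SAP Business One registers itself under the standard Uninstall registry keys with a DisplayName beginning "SAP Business One"; everything else is read from the local SMB server. Run it as an administrator on the host that exports the installation share.

```powershell
# Added verification example (not from SAP or the original page). Assumption:
# SAP Business One appears in the standard Uninstall keys with a DisplayName
# beginning "SAP Business One". Run elevated on the SMB server.

function Get-B1Install {
    # Installed SAP Business One components and their versions (32- and 64-bit hives).
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'SAP Business One*' } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

function Get-BroadShareAccess {
    # Share-level Allow ACEs that give write access to unauthenticated or any-user principals.
    $broad = 'Everyone', 'BUILTIN\Guests', 'NT AUTHORITY\ANONYMOUS LOGON',
             'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
    foreach ($share in (Get-SmbShare | Where-Object { -not $_.Special })) {
        Get-SmbShareAccess -Name $share.Name |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.AccountName -in $broad -and
                $_.AccessRight -in 'Change', 'Full'
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Share     = $share.Name
                    Path      = $share.Path
                    Principal = $_.AccountName
                    Right     = $_.AccessRight
                    Encrypted = $share.EncryptData
                }
            }
    }
}

# Server-wide settings that govern anonymous and guest access.
Get-SmbServerConfiguration |
    Select-Object RestrictNullSessionAccess, NullSessionShares, RequireSecuritySignature, EnableSMB1Protocol

Get-B1Install
$findings = @(Get-BroadShareAccess)
if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
    Write-Warning "$($findings.Count) share ACE(s) grant write access to broad principals"
} else {
    'No non-administrative share grants Change/Full to Everyone, Guests, Users or anonymous.'
}
```

A DisplayVersion of 10.0 together with any row from Get-BroadShareAccess is the vulnerable condition. As a cross-check from a host that is not a member of the installer group, the classic null-session test `net use \\SERVER\B1_SHR "" /user:""` (SERVER and B1_SHR being placeholders) should be refused once the fix and the ACL changes are in place.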

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to SMB shares, unexpected file modifications in installation folders

Network Indicators:

  • Unusual SMB traffic patterns, connections from unauthorized IP addresses to SMB ports

SIEM Query:

source="windows" AND (event_id=5140 OR event_id=5145) AND share_name="*SAP*" AND (access_mask & 0x50026) != 0

AccessMask in these events is a hexadecimal bit mask (0x1 ReadData, 0x2 WriteData, 0x4 AppendData, 0x20 Execute, 0x10000 DELETE, 0x40000 WRITE_DAC), never the word "Read", so the comparison has to be a bit test (0x50026 = the write, append, execute, delete and WRITE_DAC bits, written here in generic form; use your SIEM's bitwise operator or an equivalent list of masks). Event 5140 is only generated when the Audit File Share subcategory is enabled, and 5145 (which also carries the file path in RelativeTargetName) requires Audit Detailed File Share; without those policies there is nothing to query. Replace *SAP* with the actual name of the installation share.
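The same detection run directly against the Windows Security log, as an added example (not from the original page): it parses event 5145, keeps only checks against shares matching a name pattern, and keeps only those that asked for write, execute or delete rights. The share-name regex SAP|B1 and the installer subnet 10.20.30.* in the usage lines are assumptions; change them to your own values. The Audit Detailed File Share subcategory must be enabled on the server or no 5145 events exist.

```powershell
# Added detection example (not from the original page). Reads Security event 5145;
# that event only exists when "Audit Detailed File Share" is enabled.
# Assumption: the installation share's name matches $SharePattern.
$SharePattern = 'SAP|B1'

# Access-mask bits that mean the client asked for more than read access.
#                  WriteData AppendData Execute DELETE  WRITE_DAC WRITE_OWNER
$WriteOrExecBits = 0x2 -bor 0x4 -bor 0x20 -bor 0x10000 -bor 0x40000 -bor 0x80000

function Get-ShareWriteAttempt {
    param(
        [datetime]$Since = (Get-Date).AddDays(-1),
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $filter = @{ LogName = 'Security'; Id = 5145; StartTime = $Since }
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # 5145 carries its fields as <Data Name="..."> elements; map them by name.
        $xml = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        if ($d.ShareName -notmatch $SharePattern) { continue }       # e.g. \\*\B1_SHR
        $mask = [Convert]::ToInt32($d.AccessMask, 16)                # "0x2" -> 2
        if (($mask -band $WriteOrExecBits) -eq 0) { continue }       # pure reads are noise here

        [pscustomobject]@{
            Time    = $e.TimeCreated
            Client  = $d.IpAddress
            User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Share   = $d.ShareName
            Target  = $d.RelativeTargetName
            Mask    = $d.AccessMask
            Outcome = ($e.KeywordsDisplayNames -join ',')            # Audit Success / Audit Failure
        }
    }
}

# Usage: everything that tried to write/execute on a matching share in the last day,
# then the subset that is interesting for this CVE: clients outside the installer
# subnet (assumption: 10.20.30.0/24) or anonymous sessions.
Get-ShareWriteAttempt | Sort-Object Time | Format-Table -AutoSize
Get-ShareWriteAttempt |
    Where-Object { $_.Client -notlike '10.20.30.*' -or $_.User -match 'ANONYMOUS LOGON' } |
    Format-Table -AutoSize
```

Successful (Audit Success) write or execute checks from an unexpected client are the signal that matters; a burst of Audit Failure rows from one client after the ACL has been tightened is the attacker, or a scanner, finding the share closed.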

🔗 References
