CVE-2023-39437

CVSS 7.6 (HIGH)

📋 TL;DR

CVE-2023-39437 is a cross-site scripting (XSS) vulnerability in SAP Business One version 10.0: the application renders attacker-controlled input into a web page without adequate output encoding, so script supplied by an attacker runs in a victim user's browser with that user's session. A successful exploit can hijack the session, read data the user can see, or perform actions as that user. Any organization running SAP Business One 10.0 without the fix is affected.

💻 Affected Systems

Products:
  • SAP Business One
Versions: Version 10.0
Operating Systems: Windows, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All unpatched deployments of SAP Business One 10.0 are affected regardless of database platform. The flaw lies in the product's web-facing components, so the exposure is the browser-based interface, not the desktop client or database.

📦 What is this software?

SAP Business One is SAP's ERP product for small and mid-sized businesses, covering financials, sales, purchasing and inventory. Version 10.0 is deployed on either Microsoft SQL Server or SAP HANA, which is why both Windows and Linux appear above.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of user accounts, theft of sensitive business data, unauthorized administrative actions performed through a hijacked session, and potential lateral movement within the SAP environment.

🟠 Likely Case

Session hijacking, credential theft, data exfiltration, and manipulation of business data displayed to users.

🟢 If Mitigated

Limited impact when output encoding, a Content Security Policy (CSP) that blocks inline script, and WAF filtering are in place. These reduce the blast radius but do not remove the bug; only the vendor correction does.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

XSS is low-complexity to exploit: the attacker needs a crafted link or crafted content and a logged-in user who opens it. The injected script then runs in the victim's browser with the victim's privileges, so the attacker never needs credentials of their own.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: The correction shipped with SAP Security Note 3358300. This page does not state the target patch level; take it from the note.

Vendor Advisory: https://me.sap.com/notes/3358300

Restart Required: Yes

Instructions:

1. Download the patch referenced in SAP Note 3358300.
2. Apply the patch according to SAP's installation instructions.
3. Restart the SAP Business One application services.
4. Verify the patch is applied correctly.

🔧 Temporary Workarounds

Implement Content Security Policy

Applies to: all affected versions

Add CSP headers at the web server or reverse proxy in front of the SAP Business One web components to restrict the sources from which script may execute. Test in report-only mode first (`Content-Security-Policy-Report-Only`): a vendor application you do not control may rely on inline script, and a strict policy can break it.

Input Validation Filtering

Applies to: all affected versions

Since the application code is SAP's, server-side validation and output encoding here means filtering at the edge: configure web application firewall or reverse-proxy rules that reject requests carrying script tags, `javascript:` URIs and inline event handlers, including URL-encoded and mixed-case forms.

🧯 If You Can't Patch

  • Filter user-supplied input at a reverse proxy or WAF in front of the web components, and make sure the filter normalizes encoding and case before matching
  • Deploy a web application firewall (WAF) with XSS protection rules, and limit access to the web interface to trusted networks where the business allows it
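The workaround and "If You Can't Patch" sections above talk about output encoding and CSP in the abstract. The following is an added example, not code from this page or from SAP, showing what those controls look like in practice: a deliberately vulnerable HTML rendering beside context-aware encodings for attribute, JavaScript and URL contexts, plus a nonce-based CSP value of the kind a reverse proxy would set. The `PAYLOAD` value and the `/items` form are constructed for the demonstration.

```python
import html
import json
import re
import secrets

# Constructed attacker input for this example; it closes the attribute and
# opens a script tag when concatenated into HTML unencoded.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_vulnerable(item_name: str) -> str:
    """The bug class behind a reflected XSS: untrusted input concatenated into HTML."""
    return f'<input name="item" value="{item_name}">'


def render_hardened(item_name: str) -> str:
    """HTML-attribute context: escape &, <, >, " and ' so the attribute cannot be closed early."""
    return f'<input name="item" value="{html.escape(item_name, quote=True)}">'


def render_in_js(item_name: str) -> str:
    """JavaScript context: JSON-encode the value and escape angle brackets so a
    '</script>' inside the data cannot terminate the script block."""
    encoded = json.dumps(item_name).replace("<", "\\u003c").replace(">", "\\u003e")
    return f"<script>var item = {encoded};</script>"


def safe_href(url: str) -> str:
    """URL context: allow site-relative paths and http(s) only. javascript: and
    data: URLs (any case, control characters stripped) become a dead link."""
    candidate = url.strip()
    if candidate.startswith("/") and not candidate.startswith("//"):
        return html.escape(candidate, quote=True)
    scheme = re.sub(r"[\s\x00-\x1f]", "", candidate.split(":", 1)[0]).lower()
    if ":" not in candidate or scheme not in ("http", "https"):
        return "#"
    return html.escape(candidate, quote=True)


def new_nonce() -> str:
    """Fresh per-response nonce; reusing one across responses defeats the point."""
    return secrets.token_urlsafe(16)


def build_csp(nonce: str) -> str:
    """Content-Security-Policy value: only <script nonce="..."> elements run, inline
    handlers and javascript: URLs are blocked, plugins and <base> hijacks are denied."""
    return (
        "default-src 'self'; "
        f"script-src 'nonce-{nonce}' 'strict-dynamic'; "
        "object-src 'none'; base-uri 'none'; frame-ancestors 'none'"
    )


def injected_script_count(markup: str, expected: int = 0) -> int:
    """Number of live <script tags beyond the ones the template itself emits."""
    return markup.lower().count("<script") - expected


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))   # attacker's script tag is live
    print(render_hardened(PAYLOAD))     # &quot;&gt;&lt;script&gt;... stays text
    print(render_in_js("</script><script>alert(1)</script>"))
    print(safe_href("javascript:alert(1)"), safe_href("/items?id=1"))
    print("Content-Security-Policy:", build_csp(new_nonce()))
```

The encoding functions are the fix SAP's correction would have to make inside the product; the CSP string is the part an operator can apply from outside, at the proxy. Note that a nonce policy only helps if the application's own legitimate scripts carry the nonce, which a vendor product usually does not support without changes, so deploy it in report-only mode first and read the violation reports before enforcing.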

🔍 How to Verify

Check if Vulnerable:

You are vulnerable if the installed product is SAP Business One 10.0 and the correction from SAP Note 3358300 has not been applied. Treat any 10.0 system whose patch level predates the note as affected.

Check Version:

Read the product version and patch level from the SAP Business One administration tools or the client's system information dialog, and compare the patch level against the one named in SAP Note 3358300.

Verify Fix Applied:

Confirm in the system administration console that the patch level named in SAP Note 3358300 (or later) is installed, and that the web components were restarted after the update.

📡 Detection & Monitoring

Log Indicators:

  • Script tags, `javascript:` URIs or inline event handlers in request URLs and form fields, including URL-encoded, double-encoded and mixed-case variants
  • Unusual or repeated crafted input from a single source against the web components
  • Application error logs showing input parsing or rendering failures around the same requests

Network Indicators:

  • HTTP requests containing script injection patterns
  • Unusual outbound connections after user interactions

SIEM Query:

source="sap_business_one" AND (http_request CONTAINS "<script>" OR http_request CONTAINS "javascript:")

This query is a starting point only: it matches the literal, lowercase strings, so `%3Cscript%3E`, `<ScRiPt>`, double-encoded payloads and `<img onerror=...>` all slip past it. Normalize the request (percent-decode repeatedly, decode HTML entities, lowercase) before matching, and match on tag and handler patterns rather than on the exact string `<script>`.
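To show why the literal query above is not enough, the following is an added example, not part of the original page or any SAP tooling: a small detector that normalizes the request target of each access-log line and applies pattern matching, run beside the literal match against a set of constructed log lines. The `/app/...` paths and the log lines are invented for the demonstration; real SAP Business One web components log differently.

```python
import html
import re
from urllib.parse import unquote

# Constructed combined-log-format lines for this example, not real SAP Business
# One logs. Index 0 and 6 are benign; 1-5 carry XSS payloads in different encodings.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [01/Aug/2023:10:00:01 +0000] "GET /app/items?name=office%20chair HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Aug/2023:10:00:02 +0000] "GET /app/search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Aug/2023:10:00:03 +0000] "GET /app/search?q=<ScRiPt>alert(1)</ScRiPt> HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Aug/2023:10:00:04 +0000] "GET /app/search?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 1024',
    '10.0.0.9 - - [01/Aug/2023:10:00:05 +0000] "GET /app/redirect?u=jAvAsCrIpT%3Aalert(1) HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Aug/2023:10:00:06 +0000] "GET /app/search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 1024',
    '10.0.0.7 - - [01/Aug/2023:10:00:07 +0000] "GET /app/search?q=description%20of%20javascript%20libraries HTTP/1.1" 200 1024',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS)\s+(\S+)\s+HTTP/')

# Patterns applied to the *normalized* request target, not the raw line.
XSS_PATTERNS = {
    "script_tag": re.compile(r"<\s*/?\s*script\b"),
    "javascript_uri": re.compile(r"javascript\s*:"),
    "dangerous_tag": re.compile(r"<\s*(img|svg|iframe|object|embed|body|input|math)\b"),
    "inline_handler": re.compile(r"<[^>]*\bon[a-z]+\s*="),   # onerror=, onload=, ... inside a tag
    "srcdoc": re.compile(r"srcdoc\s*="),
}


def normalize(value: str, max_rounds: int = 3) -> str:
    """Undo the encodings used to dodge literal matching: repeated percent-decoding
    (double encoding), HTML entities, NUL bytes, whitespace runs, and case."""
    s, prev = value, None
    for _ in range(max_rounds):
        if s == prev:
            break
        prev = s
        s = html.unescape(unquote(s))
    s = s.replace("\x00", "")
    return re.sub(r"\s+", " ", s).lower()


def naive_contains_script(lines):
    """What the page's SIEM query does: case-sensitive literal match on the raw line."""
    return [i for i, line in enumerate(lines) if "<script>" in line or "javascript:" in line]


def find_xss_candidates(lines):
    """Return (line index, matched pattern names) for requests whose normalized
    target looks like an XSS attempt."""
    hits = []
    for idx, line in enumerate(lines):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = normalize(m.group(1))
        names = [name for name, pat in XSS_PATTERNS.items() if pat.search(target)]
        if names:
            hits.append((idx, names))
    return hits


if __name__ == "__main__":
    print("literal match:", naive_contains_script(SAMPLE_LOG_LINES))   # finds nothing
    for idx, names in find_xss_candidates(SAMPLE_LOG_LINES):
        print(f"line {idx}: {', '.join(names)}")
```

Against these lines the literal match returns nothing, while the normalized detector flags lines 1 through 5 and leaves the benign search for "javascript libraries" alone because the `javascript_uri` pattern requires the colon. The event-handler pattern is anchored inside a tag (`<[^>]*on...=`) so that ordinary query parameters such as `online=1` do not trip it.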

🔗 References

  • SAP Note 3358300: https://me.sap.com/notes/3358300
