CVE-2026-24319
📋 TL;DR
SAP Business One writes sensitive information to memory dump files without obfuscation, allowing attackers who access these files to potentially perform unauthorized operations and modify company data. This affects all SAP Business One installations where memory dumps are generated and accessible to unauthorized users.
💻 Affected Systems
- SAP Business One
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full access to sensitive business data and can modify company records, financial data, and operational information, leading to data breaches and business disruption.
Likely Case
Attackers with access to memory dump files extract credentials or sensitive business information, enabling unauthorized access to the SAP Business One environment.
If Mitigated
With proper access controls and patching, memory dump files are inaccessible to unauthorized users, limiting exposure to only privileged administrators.
🎯 Exploit Status
Exploitation requires access to memory dump files, typically through compromised accounts or insufficient file permissions.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check SAP Note 3679346 for specific patch versions
Vendor Advisory: https://me.sap.com/notes/3679346
Restart Required: Yes
Instructions:
1. Review SAP Note 3679346 for patch details.
2. Apply the SAP security patch via standard SAP patching procedures.
3. Restart SAP Business One services after patching.
🔧 Temporary Workarounds
Restrict access to memory dump files
Set strict file permissions on the directories where memory dumps are written so that only administrators can read them. The paths in the commands below are examples; point them at the directory your installation actually writes dumps to, since denying read access across the whole installation tree also blocks legitimate client users.
Windows: icacls "C:\Program Files\SAP\Business One\*" /deny Users:(R,W)
Linux: chmod 700 /opt/sap/businessone/*
Disable memory dump generation
Configure SAP Business One not to generate memory dump files in production environments.
Consult SAP documentation for the configuration settings that disable memory dumps.
🧯 If You Can't Patch
- Implement strict access controls to memory dump directories, allowing only privileged administrators.
- Monitor file access to memory dump locations and alert on unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check if memory dump files exist in SAP Business One directories and contain unencrypted sensitive data.
Check Version:
Check SAP Business One version in application interface or via SAP administrative tools.
Verify Fix Applied:
Verify patch installation via SAP Business One version check and confirm memory dump files no longer contain sensitive information.
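The "Check if Vulnerable" step above can be scripted. The following is an added example, not SAP's own tooling: it walks a directory tree, reports every dump file, and flags each one that is readable by non-owners (POSIX mode bits) or that contains plaintext credential markers. The dump suffixes, the marker patterns and the fixture created by `build_sample_tree()` are constructed assumptions; only the marker label is reported, never the matched secret.

```python
"""Audit a directory tree for SAP Business One memory dump files that are
readable by non-administrators or that contain plaintext secrets.

Added example, not SAP's tooling. The dump suffixes, the secret markers and
the sample tree built by build_sample_tree() are constructed assumptions."""
from __future__ import annotations

import os
import re
import stat
import tempfile
from pathlib import Path

IS_POSIX = os.name == "posix"

# Labelled heuristics for plaintext credentials; constructed, extend per environment.
SECRET_PATTERNS = [
    ("password", re.compile(rb"(?i)(password|passwd|pwd)\s*[=:]\s*\S+")),
    ("connection_string", re.compile(rb"(?i)(connection\s*string|user id)\s*=\s*[^;\n]+")),
]
# Common minidump / full dump suffixes (assumed; check what your installation writes).
DUMP_SUFFIXES = {".dmp", ".mdmp", ".hdmp"}


def is_world_readable(path: Path) -> bool:
    """POSIX check: 'others' have the read bit. On Windows st_mode does not
    reflect NTFS ACLs, so inspect the ACL (icacls) there instead."""
    return bool(path.stat().st_mode & stat.S_IROTH)


def secret_markers(path: Path, max_bytes: int = 64 * 1024 * 1024) -> list[str]:
    """Labels of the markers found in the first max_bytes of the file.
    Only the label is reported, so the secret itself never lands in a report."""
    with path.open("rb") as fh:
        data = fh.read(max_bytes)
    return [label for label, pat in SECRET_PATTERNS if pat.search(data)]


def find_exposed_dumps(root: str | os.PathLike) -> list[dict]:
    """Walk root and report every dump file with its exposure indicators."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() not in DUMP_SUFFIXES:
                continue
            findings.append({
                "path": str(p),
                "world_readable": is_world_readable(p),
                "secret_markers": secret_markers(p),
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree() -> str:
    """Constructed fixture: one dump leaking a DB password (mode 0644), one
    clean dump (mode 0600), plus an unrelated log file that must be ignored."""
    root = tempfile.mkdtemp(prefix="b1dumps_")
    leaky = Path(root) / "SBOServer_crash.dmp"
    leaky.write_bytes(b"MDMP\x00\x00DbPassword=Example123;\x00Server=B1SRV\x00")
    os.chmod(leaky, 0o644)
    clean = Path(root) / "clean.dmp"
    clean.write_bytes(b"MDMP\x00\x00no credentials here\x00")
    os.chmod(clean, 0o600)
    (Path(root) / "service.log").write_text("nothing to see\n")
    return root


if __name__ == "__main__":
    # Run against the constructed fixture; point find_exposed_dumps at the real
    # dump directory in production.
    for f in find_exposed_dumps(build_sample_tree()):
        flags = []
        if f["world_readable"]:
            flags.append("WORLD-READABLE")
        if f["secret_markers"]:
            flags.append("SECRETS:" + ",".join(f["secret_markers"]))
        print(f["path"], " ".join(flags) or "ok")
```

A dump that is both world-readable and carries a marker is the case this CVE describes; after patching, re-run the scan and confirm that no marker is reported for newly generated dumps.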
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to memory dump file locations
- Abnormal file reads from SAP Business One directories
Network Indicators:
- Unusual file transfer activity from SAP server to unauthorized destinations
SIEM Query:
(source="windows-security" EventID=4663 ObjectName="*memory*.dmp") OR (source="syslog" path="*/sap/businessone/*.dmp")
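The same logic as the SIEM query, as an added example that is not SAP's or any SIEM vendor's detection content: it parses Windows 4663 object-access events and Linux audit PATH records, and raises an alert when a dump file under the SAP Business One paths is touched by an account outside an administrator allowlist. The allowlist, the path globs and the sample records are constructed assumptions; note that 4663 events are only generated when object-access auditing (a SACL with audit entries) is enabled on the dump directory.

```python
"""Flag reads of SAP Business One memory dump files by accounts outside an
administrator allowlist, from Windows 4663 and Linux audit records.

Added example, not SAP's or any SIEM vendor's detection content. The
allowlist, the path globs and the sample records are constructed assumptions;
4663 events only exist if object-access auditing (a SACL) is enabled on the
dump directory."""
from __future__ import annotations

import re
from fnmatch import fnmatchcase

ADMIN_ACCOUNTS = {r"corp\sapadmin", "root"}  # assumed allowlist, lower-case
DUMP_GLOBS = [r"*\sap\business one\*.dmp", "*/sap/businessone/*.dmp"]  # lower-case globs

# Constructed samples: Windows 4663 object-access events flattened to key=value,
# and auditd-style PATH records from a Linux server component.
SAMPLE_EVENTS = [
    r'EventID=4663 SubjectDomainName=CORP SubjectUserName=jdoe ObjectName="C:\Program Files\SAP\Business One\Log\SBOServer_crash.dmp" AccessMask=0x1',
    r'EventID=4663 SubjectDomainName=CORP SubjectUserName=sapadmin ObjectName="C:\Program Files\SAP\Business One\Log\SBOServer_crash.dmp" AccessMask=0x1',
    r'EventID=4663 SubjectDomainName=CORP SubjectUserName=jdoe ObjectName="C:\Users\jdoe\report.xlsx" AccessMask=0x1',
    'type=PATH name="/opt/sap/businessone/log/service_layer.dmp" uid=1002 user=jdoe',
    'type=PATH name="/opt/sap/businessone/log/service_layer.dmp" uid=0 user=root',
]

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_kv(line: str) -> dict[str, str]:
    """key=value parser; quoted values may contain spaces."""
    return {k: (quoted or bare) for k, quoted, bare in _KV.findall(line)}


def is_dump_path(path: str) -> bool:
    """Case-insensitive match against the dump location globs."""
    p = path.lower()
    return any(fnmatchcase(p, g) for g in DUMP_GLOBS)


def actor_and_path(rec: dict[str, str]) -> tuple[str, str] | None:
    """Normalise the two record shapes to (actor, path); None for other records."""
    if rec.get("EventID") == "4663":
        actor = f'{rec.get("SubjectDomainName", "")}\\{rec.get("SubjectUserName", "")}'
        return actor.lower(), rec.get("ObjectName", "")
    if rec.get("type") == "PATH":
        return rec.get("user", "").lower(), rec.get("name", "")
    return None


def detect_dump_access(lines) -> list[dict]:
    """Alert on any dump-file access by an account not in ADMIN_ACCOUNTS.
    Access type is deliberately not filtered: a write to a dump is as
    interesting as a read when the files should be unreachable."""
    alerts = []
    for line in lines:
        pair = actor_and_path(parse_kv(line))
        if pair is None:
            continue
        actor, path = pair
        if is_dump_path(path) and actor not in ADMIN_ACCOUNTS:
            alerts.append({"actor": actor, "path": path, "raw": line})
    return alerts


if __name__ == "__main__":
    for a in detect_dump_access(SAMPLE_EVENTS):
        print(f'ALERT dump access by {a["actor"]}: {a["path"]}')
```

Of the five constructed records, only the two accesses by `jdoe` to `.dmp` files under the SAP paths produce alerts; the administrator accesses and the unrelated spreadsheet are ignored.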