Description
In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.
Published: 2026-02-10
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Apply Patch
AI Analysis

Impact

SAP Business One creates memory dump files in which it writes sensitive application data without any obfuscation. If those files are accessed, an attacker can read confidential information and may use that knowledge to perform unauthorized operations, such as altering company data, thereby compromising both confidentiality and integrity.

Affected Systems

The vulnerability affects SAP Business One (B1 Client) version 10.0. Users of this product are at risk unless refreshed.

Risk and Exploitability

The CVSS score of 5.8 indicates a medium severity, primarily due to the high confidentiality impact. The EPSS score of less than 1% shows a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The most probable attack vector is the ability to read the client’s local memory dump files; if an attacker can gain local or remote file system access, the vulnerability can be leveraged to retrieve sensitive data.

Generated by OpenCVE AI on April 17, 2026 at 20:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the security patch provided in SAP Note 3679346 to prevent sensitive data from being written to memory dumps.
  • Restrict file system permissions on the B1 client memory dump files so that only authorized system administrators can read them.
  • Disable or encrypt the memory dump files if the functionality is not required, ensuring that any remaining dumps are protected at rest.

Generated by OpenCVE AI on April 17, 2026 at 20:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap
Sap business One
Weaknesses CWE-312
CPEs cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:business_one:10.0:*:*:*:*:sap_hana:*:*
Vendors & Products Sap
Sap business One

Tue, 10 Feb 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Sap Se
Sap Se sap Business One (b1 Client Memory Dump Files)
Vendors & Products Sap Se
Sap Se sap Business One (b1 Client Memory Dump Files)

Tue, 10 Feb 2026 03:45:00 +0000

Type Values Removed Values Added
Description In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.
Title Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)
Weaknesses CWE-316
References
Metrics cvssV3_1

{'score': 5.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N'}

Subscriptions

Sap Business One
Sap Se Sap Business One (b1 Client Memory Dump Files)
cve-icon MITRE

Status: PUBLISHED

Assigner: sap

Published:

Updated: 2026-02-26T15:04:13.311Z

Reserved: 2026-01-21T22:15:36.672Z

Link: CVE-2026-24319

cve-icon Vulnrichment

Updated: 2026-02-10T17:17:17.105Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-10T04:16:03.820

Modified: 2026-02-17T15:30:20.280

Link: CVE-2026-24319

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T21:00:12Z

Weaknesses