CVE-2026-24319
Sensitive Data Exposure in SAP Business One Memory Dumps
Publication date: 2026-02-10
Last updated on: 2026-02-17
Assigner: SAP SE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sap | business_one | 10.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-316 | The product stores sensitive information in cleartext in memory. |
| CWE-312 | The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in SAP Business One where sensitive information is written to the application's memory dump files without any obfuscation. This means that if someone gains access to these memory dump files, they could see sensitive data in plain form.
Because the sensitive information is exposed in this way, an attacker with access to these files could potentially perform unauthorized operations within the SAP Business One environment, such as modifying company data.
How can this vulnerability impact me?
The vulnerability impacts the confidentiality and integrity of your data within SAP Business One. Specifically, unauthorized individuals who access the memory dump files could view sensitive information and potentially modify company data.
There is no impact on availability, meaning the system's uptime or accessibility is not affected by this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know