CVE-2026-24319 | THREATINT

Description

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

PUBLISHED Reserved 2026-01-21 | Published 2026-02-10 | Updated 2026-02-11 | Assigner sap

MEDIUM: 5.8CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

Problem types

CWE-316: Cleartext Storage of Sensitive Information in Memory

Product status

Default status

unaffected

B1_ON_HANA 10.0

affected

SAP-M-BO 10.0

affected

References

me.sap.com/notes/3679346

url.sap/sapsecuritypatchday

cve.org (CVE-2026-24319)

nvd.nist.gov (CVE-2026-24319)

Download JSON