{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24319", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2026-01-21T22:15:36.672Z", "datePublished": "2026-02-10T03:03:33.788Z", "dateUpdated": "2026-02-26T15:04:13.311Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP Business One (B1 Client Memory Dump Files)", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "B1_ON_HANA 10.0"}, {"status": "affected", "version": "SAP-M-BO 10.0"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.</p>"}], "value": "In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-316", "description": "CWE-316: Cleartext Storage of Sensitive Information in Memory", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:03:33.788Z"}, "references": [{"url": "https://me.sap.com/notes/3679346"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24319", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:15.313227Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:13.311Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24319", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T17:17:12.598851Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T17:17:17.105Z"}}], "cna": {"title": "Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP Business One (B1 Client Memory Dump Files)", "versions": [{"status": "affected", "version": "B1_ON_HANA 10.0"}, {"status": "affected", "version": "SAP-M-BO 10.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3679346"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.", "supportingMedia": [{"type": "text/html", "value": "<p>In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-316", "description": "CWE-316: Cleartext Storage of Sensitive Information in Memory"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-02-10T03:03:33.788Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24319", "state": "PUBLISHED", "dateUpdated": "2026-02-11T04:56:14.733Z", "dateReserved": "2026-01-21T22:15:36.672Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-02-10T03:03:33.788Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "391F491C-2DE8-44E5-B054-42F188161C8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:business_one:10.0:*:*:*:*:sap_hana:*:*", "matchCriteriaId": "C1A6AF0B-16D1-4D03-A972-518B3D8242AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In SAP Business One, sensitive information is written to the application\ufffds memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability."}, {"lang": "es", "value": "En SAP Business One, la informaci\u00f3n sensible se escribe en los archivos de volcado de memoria de la aplicaci\u00f3n sin ofuscaci\u00f3n. Obtener acceso a esta informaci\u00f3n podr\u00eda potencialmente conducir a operaciones no autorizadas dentro del entorno B1, incluyendo la modificaci\u00f3n de datos de la empresa. Este problema resulta en un alto impacto en la confidencialidad y la integridad, sin impacto en la disponibilidad."}], "id": "CVE-2026-24319", "lastModified": "2026-02-17T15:30:20.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.2, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-10T04:16:03.820", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3679346"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-316"}], "source": "cna@sap.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "B1_ON_HANA 10.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "SAP-M-BO 10.0"}}], "product": "sap_business_one_(b1_client_memory_dump_files)", "vendor": "sap_se"}], "analysis": {"en": {"generated_at": "2026-04-17T20:57:18.195883+00:00", "value": {"mitigation_remediation": ["Apply the security patch provided in SAP Note\u00a03679346 to prevent sensitive data from being written to memory dumps.", "Restrict file system permissions on the B1 client memory dump files so that only authorized system administrators can read them.", "Disable or encrypt the memory dump files if the functionality is not required, ensuring that any remaining dumps are protected at rest."], "summary": {"action": "Apply Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects SAP Business One (B1 Client) version 10.0. Users of this product are at risk unless refreshed.", "description_and_impact": "SAP Business One creates memory dump files in which it writes sensitive application data without any obfuscation. If those files are accessed, an attacker can read confidential information and may use that knowledge to perform unauthorized operations, such as altering company data, thereby compromising both confidentiality and integrity.", "risk_and_exploitability": "The CVSS score of 5.8 indicates a medium severity, primarily due to the high confidentiality impact. The EPSS score of less than 1% shows a very low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The most probable attack vector is the ability to read the client\u2019s local memory dump files; if an attacker can gain local or remote file system access, the vulnerability can be leveraged to retrieve sensitive data."}}}}, "created": "2026-02-10T11:34:39.666231+00:00", "updated": "2026-04-17T21:00:12.726803+00:00", "vendors": ["sap_se", "sap_se$PRODUCT$sap_business_one_(b1_client_memory_dump_files)"]}