CVE-2026-24319 PUBLISHED

Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)

Assigner: sap
Reserved: 21.01.2026 Published: 10.02.2026 Updated: 10.02.2026

In SAP Business One, sensitive information is written to the application�s memory dump files without obfuscation. Gaining access to this information could potentially lead to unauthorized operations within the B1 environment, including modification of company data. This issue results in a high impact on confidentiality and integrity, with no impact on availability.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
CVSS Score: 5.8

Attack Vector	Local	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	Required	Availability Impact	None

CVSS 3.1

Product Status

Vendor	SAP_SE
Product	SAP Business One (B1 Client Memory Dump Files)
Versions	Default: unaffected Version B1_ON_HANA 10.0 is affected Version SAP-M-BO 10.0 is affected

CVE-2026-24319 PUBLISHED

Information Disclosure Vulnerability in SAP Business One (B1 Client Memory Dump Files)

Metrics

Product Status

References

Problem Types