CVE-2021-33698: 
SAP Business One vulnerability analysis and mitigation

CVE-2021-33698 is a critical security vulnerability affecting SAP Business One version 10.0, discovered and disclosed in 2021. This vulnerability allows attackers with business authorization to upload arbitrary files, including malicious scripts, to the server without proper file format validation (Threatpost, CVE).

The vulnerability has been assigned a CVSS score of 9.9, falling just short of the maximum severity rating of 10 only because it requires a minimal set of authorizations. The vulnerability is classified under CWE-434, which relates to unrestricted file upload issues (Threatpost).

If exploited, this vulnerability could allow attackers to upload malicious scripts to the server, potentially leading to complete compromise of sensitive data residing on the server and impacting its availability. The vulnerability affects SAP Business One, which is critical software used by small and medium-sized enterprises for business management (Threatpost).

SAP has released a hotfix to address this vulnerability. For customers who cannot immediately apply the patch, a temporary workaround is available by deactivating the affected functionality. However, SAP emphasizes that this workaround should not be considered a permanent solution (Threatpost).

Security researchers and experts have urged enterprises to patch quickly, noting that SAP vulnerabilities are being weaponized in a matter of hours. This vulnerability was part of SAP's most noteworthy Patch Day of 2021, which included multiple critical security fixes (Threatpost).