CVE-2021-38179: 
SAP Business One vulnerability analysis and mitigation

Debug function of Admin UI of SAP Business One Integration is enabled by default, identified as CVE-2021-38179. This vulnerability was discovered and disclosed in October 2021, affecting SAP Business One version 10.0. The vulnerability allows Admin Users to view captured packet contents which may include user credentials (SAP Advisory, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The CVSS v2.0 Base Score is 4.0 (Medium) with vector (AV:N/AC:L/Au:S/C:P/I:N/A:N). This indicates that the vulnerability requires network access and high privileges to exploit, but no user interaction is needed (NVD).

The primary impact of this vulnerability is on the confidentiality of user credentials. When exploited, Admin Users can view packet contents that may contain sensitive user authentication information. There is no direct impact on system integrity or availability (NVD).

SAP has released security patches to address this vulnerability. Users should refer to SAP Security Note 3074819 for detailed mitigation instructions (SAP Note).