{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:55:41.176","vulnerabilities":[{"cve":{"id":"CVE-2021-38180","sourceIdentifier":"cna@sap.com","published":"2021-10-12T15:15:08.720","lastModified":"2026-02-24T18:22:14.410","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP Business One - version 10.0, allows an attacker to inject formulas when exporting data to Excel (CSV injection) due to improper sanitation during the data export. An attacker could thereby execute arbitrary commands on the victim's computer but only if the victim allows to execute macros while opening the file and the security settings of Excel allow for command execution."},{"lang":"es","value":"SAP Business One - versión 10.0, permite a un atacante inyectar fórmulas cuando se exportan datos a Excel (inyección CSV) debido a un saneo inapropiado durante la exportación de datos. Un atacante podría así ejecutar comandos arbitrarios en el ordenador de la víctima, pero sólo si ésta permite ejecutar macros mientras abre el archivo y la configuración de seguridad de Excel permite una ejecución de comandos"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@sap.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1236"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:business_one:10.0:*:*:*:*:*:*:*","matchCriteriaId":"391F491C-2DE8-44E5-B054-42F188161C8A"}]}]}],"references":[{"url":"https://launchpad.support.sap.com/#/notes/3079427","source":"cna@sap.com","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/3079427","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=587169983","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}