A note with CVSS 7.5 for component SBO-CRO-SEC was released by SAP on 12.07.2022. The correction/advisory 3157613 was described with "[CVE-2022-28771] Missing Authentication check in SAP Business One (License service API)" and affects the system type SAP Business One .
A workaround does not exist, according to SAP Security Advisory team. It is advisable to implement the correction as part of maintenance.
The vulnerability addressed is denial of service (dos) missing authentication check within SAP Business One .
Risk specificationDue to a missing authentication check, SAP Business One allows an unauthenticated attacker to send malicious HTTP requests over the network. An attacker can break the whole application on successful exploitation, making it inaccessible.
Authentication checks are added to the license service API in SAP Business One