On 13.09.2022, SAP SE released a security-relevant correction. The manufacturer resolves an issue within SAP Business One.
SAP Note 3223392 addresses "[CVE-2022-35292] Windows Unquoted Service Path issue in SAP Business One" to prevent denial of service (DoS) and information disclosure, with a high risk for exploitation.
According to the SAP Security Advisory team, a workaround does not exist. The team advises implementing the correction as part of maintenance.
Risk specification
SAP Business One allows authenticated attackers to gain SYSTEM privileges due to an 'Unquoted Service Path', by abusing a weakness when creating a service.
Upgrade to SAP Business One FP2202HF1.
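To audit other Windows services for the 'Unquoted Service Path' condition named in the risk specification, the following added example (not code from SAP or from the original advisory) flags service ImagePath values whose executable path contains spaces but is not quoted, and returns the corrected quoted form. The service names and paths are constructed samples; on a real host the input would be each service's ImagePath registry value.

```python
import re

# Heuristic: the executable of an unquoted command line is the shortest
# prefix ending in ".exe" that is followed by whitespace or end of string.
_EXE = re.compile(r"^(?P<exe>.+?\.exe)(?=\s|$)(?P<args>.*)$", re.IGNORECASE)

def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for a service ImagePath."""
    s = image_path.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        if end == -1:                  # unbalanced quote: treat the rest as the path
            return s[1:], "", True
        return s[1:end], s[end + 1:].strip(), True
    m = _EXE.match(s)
    if m:
        return m.group("exe"), m.group("args").strip(), False
    return s, "", False                # no .exe found (e.g. a .sys driver path)

def is_unquoted_with_spaces(image_path):
    """True when the executable path contains a space and is not quoted."""
    exe, _args, quoted = split_image_path(image_path)
    return (not quoted) and " " in exe

def quoted_form(image_path):
    """Return the ImagePath with the executable wrapped in double quotes."""
    exe, args, _quoted = split_image_path(image_path)
    return f'"{exe}"' + (f" {args}" if args else "")

def audit(services):
    """Map each flagged service name to its corrected ImagePath."""
    return {name: quoted_form(path)
            for name, path in services.items()
            if is_unquoted_with_spaces(path)}

# Constructed sample data (hypothetical service names and paths, not SAP's).
SAMPLE_SERVICES = {
    "ExampleAgent": r"C:\Program Files\Example Vendor\Agent Service\agent.exe -run",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\ok.exe" --config "C:\My Data\a.ini"',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
    "ExampleArgsOnly": r"C:\Tools\svc.exe --dir C:\My Data",
}

if __name__ == "__main__":
    for name, fixed in audit(SAMPLE_SERVICES).items():
        print(f"{name}: unquoted path with spaces, should be {fixed}")
```

Spaces that appear only in the arguments, as in the last sample, are not flagged, because only the executable portion of the path is checked.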