CVE-2026-24319 is a medium-severity vulnerability identified in SAP Business One, specifically affecting the B1 Client Memory Dump Files in versions B1_ON_HANA 10.0 and SAP-M-BO 10.0. The vulnerability arises from the cleartext storage of sensitive information in application memory dump files without any obfuscation or encryption. Memory dumps are typically generated during application crashes or debugging sessions and may contain critical data such as authentication tokens, credentials, or business-sensitive information. An attacker who gains access to these dump files—requiring local access with high privileges and user interaction—can extract this sensitive information. This exposure can lead to unauthorized operations within the SAP Business One environment, including the modification of company data, thereby compromising both confidentiality and integrity. The vulnerability does not impact system availability. The CVSS 3.1 vector (AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N) indicates that exploitation requires local access, low attack complexity, high privileges, and user interaction, with high impact on confidentiality and integrity but no impact on availability. Currently, there are no known exploits in the wild, and no patches have been linked yet. The issue is classified under CWE-316, which pertains to cleartext storage of sensitive information in memory.

The primary impact of this vulnerability is on the confidentiality and integrity of sensitive business data within SAP Business One environments. If exploited, attackers with local privileged access can extract sensitive information from memory dump files, potentially including credentials or session tokens, which can be leveraged to perform unauthorized operations such as data modification or unauthorized access to business-critical functions. This can lead to financial loss, regulatory compliance violations, and damage to organizational reputation. Since the vulnerability does not affect availability, denial-of-service scenarios are unlikely. However, the requirement for high privileges and user interaction limits the attack surface to insider threats or attackers who have already compromised a system with elevated rights. Organizations with SAP Business One deployments, especially in sectors handling sensitive financial or operational data, face increased risk if local access controls are weak or if memory dump files are not properly secured.

To mitigate CVE-2026-24319, organizations should implement strict access controls on systems running SAP Business One to ensure only authorized personnel have local access, especially with elevated privileges. Limit the generation and retention of memory dump files to the minimum necessary for troubleshooting, and securely delete or encrypt these files to prevent unauthorized reading. Monitor and audit access to memory dump files and related directories to detect suspicious activity. Apply the principle of least privilege to reduce the number of users with high-level access. Coordinate with SAP for official patches or updates addressing this vulnerability and deploy them promptly once available. Additionally, consider implementing endpoint detection and response (EDR) solutions to detect anomalous access patterns or attempts to extract sensitive data from memory. Educate administrators and users about the risks of exposing sensitive information through memory dumps and enforce policies to handle such files securely.