CVE-2026-24319: CWE-316: Cleartext Storage of Sensitive Information in Memory in SAP_SE SAP Business One (B1 Client Memory Dump Files)
CVE-2026-24319 is a medium-severity vulnerability in SAP Business One versions 10.0 (B1_ON_HANA and SAP-M-BO) where sensitive information is stored in cleartext within client memory dump files. This exposure can lead to unauthorized access and modification of company data if an attacker gains access to these dump files. Exploitation requires local access with high privileges and user interaction, but does not impact system availability. The vulnerability primarily threatens confidentiality and integrity of business-critical data. No known exploits are currently reported in the wild. European organizations using SAP Business One 10.0 should prioritize securing access to memory dump files and apply any forthcoming patches or mitigations. Countries with significant SAP Business One deployments and critical industries relying on SAP ERP systems are at higher risk. Mitigation includes restricting dump file access, monitoring for unauthorized access, and minimizing privilege levels on client machines.
AI Analysis
Technical Summary
CVE-2026-24319 identifies a vulnerability in SAP Business One (B1 Client Memory Dump Files) versions 10.0 (B1_ON_HANA and SAP-M-BO) where sensitive information is written to memory dump files in cleartext without any obfuscation or encryption. Memory dump files are typically generated when the application crashes or encounters critical errors, capturing the state of the application’s memory for troubleshooting. However, in this case, the dumps inadvertently contain sensitive data such as authentication tokens, credentials, or business-critical information in plaintext. An attacker with local access and high privileges who can trigger or access these dump files could extract this sensitive information, enabling unauthorized operations within the SAP Business One environment, including modification of company data. The vulnerability is classified under CWE-316 (Cleartext Storage of Sensitive Information in Memory) and has a CVSS v3.1 score of 5.8, reflecting medium severity. The attack vector is local (AV:L), with low attack complexity (AC:L), high privileges required (PR:H), and user interaction required (UI:R). The vulnerability impacts confidentiality and integrity but does not affect availability. No public exploits are currently known, and no patches have been linked yet. This issue highlights the risk of sensitive data exposure through diagnostic files, which are often overlooked in security controls.
Potential Impact
For European organizations, the exposure of sensitive information in memory dump files can lead to significant confidentiality breaches and unauthorized data manipulation within SAP Business One environments. Given SAP Business One’s role in managing financial, operational, and customer data for small to medium enterprises, unauthorized access could result in financial fraud, data integrity loss, and regulatory compliance violations such as GDPR breaches. The impact is heightened in sectors where SAP Business One is widely used, including manufacturing, retail, and professional services. Although the vulnerability requires local high-privilege access, insider threats or attackers who gain elevated access through other means could exploit this to escalate privileges or move laterally within networks. The lack of availability impact means business continuity is not directly affected, but the integrity and confidentiality risks could lead to reputational damage and legal consequences. Organizations must consider the sensitivity of data stored in memory and the security of diagnostic files in their risk assessments.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should implement strict access controls on systems running SAP Business One, ensuring only authorized personnel have high-level privileges capable of accessing memory dump files. Regularly audit and monitor the creation and access of memory dump files to detect unauthorized attempts. Configure SAP Business One and underlying operating systems to limit or disable memory dump generation where feasible, or ensure dumps are securely stored and encrypted. Employ endpoint protection solutions that can detect and prevent unauthorized file access or exfiltration. Educate administrators and users about the risks of sensitive data exposure in diagnostic files and enforce least privilege principles to reduce the risk of privilege escalation. Stay alert for SAP’s official patches or updates addressing this vulnerability and apply them promptly once available. Additionally, implement network segmentation to limit lateral movement if an attacker gains local access. Finally, consider using data loss prevention (DLP) tools to monitor sensitive data leakage from endpoints.
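One way to run the access audit recommended above on a Windows client machine, as an added example that is not part of the advisory and not SAP code. The dump directory and the `*.dmp` extension are placeholders, because the advisory does not say where the client writes its dump files, and the allow-list is an assumed local policy.

```powershell
# Added example: list every principal outside an allow-list that can read
# crash-dump files under a directory.
# ASSUMPTIONS (not from the advisory): the dump location and the *.dmp filter.
param(
    [string]$DumpRoot = 'C:\ProgramData\ExampleDumps',   # placeholder path
    [string]$Filter   = '*.dmp'                          # assumed extension
)

# Principals expected to hold access to diagnostic files; adjust to local policy.
$Allowed = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators'
)

# ReadData is the bit that lets a principal read file contents; it is set
# in Read, ReadAndExecute, Modify and FullControl.
# ACEs stored with raw generic rights are not decoded by this check.
$ReadMask = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-DumpAclFinding {
    param([string]$Root, [string]$Pattern)

    Get-ChildItem -Path $Root -Filter $Pattern -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $acl  = Get-Acl -LiteralPath $file.FullName
        foreach ($ace in $acl.Access) {
            $canRead = (([int]$ace.FileSystemRights) -band $ReadMask) -ne 0
            if ($ace.AccessControlType -eq 'Allow' -and $canRead -and
                $Allowed -notcontains $ace.IdentityReference.Value) {
                [pscustomobject]@{
                    File      = $file.FullName
                    Created   = $file.CreationTime
                    SizeMB    = [math]::Round($file.Length / 1MB, 1)
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# One row per (file, unexpected reader). An empty result means only the
# allow-listed principals can read the dumps that were found.
Get-DumpAclFinding -Root $DumpRoot -Pattern $Filter |
    Sort-Object File, Principal |
    Format-Table -AutoSize
```

Rows marked `Inherited = True` point at the parent folder's ACL as the place to fix, rather than the individual dump file.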
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: sap
- Date Reserved: 2026-01-21T22:15:36.672Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 698aaa0b4b57a58fa1c64d26
Added to database: 2/10/2026, 3:46:19 AM
Last enriched: 2/17/2026, 9:26:46 AM
Last updated: 2/21/2026, 12:22:01 AM