QwikSec

Security Database

CVE

CWE

Training

CVE-2018-2502

Published: Dec 11, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).

Vendor	Product	Versions
SAP	SAP Business One Service Layer (B1_ON_HANA)	affected `= 9.2` affected `= 9.3`

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699

x_refsource_MISC

vdb-entry

x_refsource_BID

https://launchpad.support.sap.com/#/notes/2680492

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.