PT-2018-15603 · Sap · Sap Business One Service Layer
Published 2018-12-11 · Updated 2019-01-07 · CVE-2018-2502
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SAP Business One Service Layer versions prior to 9.2 and 9.3
Description
Because the TRACE method is enabled, an attacker can potentially carry out a Cross-Site Tracing (XST) attack if a frontend application using the Service Layer has a Cross-Site Scripting (XSS) vulnerability.
Recommendations
For SAP Business One Service Layer versions prior to 9.2 and 9.3, update to version 9.2 or 9.3 to resolve the issue.
Fix
XSS
Affected Products
Sap Business One Service Layer