← back
CVE-2018-2502

CVE-2018-2502

EPSS 1.3%
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Affected products
SAP · SAP Business One Service Layer (B1_ON_HANA)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2680492https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699http://www.securityfocus.com/bid/106173