← volver
CVE-2018-2502

CVE-2018-2502

EPSS 1.3%
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Productos afectados
SAP · SAP Business One Service Layer (B1_ON_HANA)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://launchpad.support.sap.com/#/notes/2680492https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699http://www.securityfocus.com/bid/106173