← voltar
CVE-2018-2502

CVE-2018-2502

EPSS 1.3%
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Produtos afetados
SAP · SAP Business One Service Layer (B1_ON_HANA)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://launchpad.support.sap.com/#/notes/2680492https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699http://www.securityfocus.com/bid/106173