TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap business one on hana 9.2 |
||
sap business one on hana 9.3 |