Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP Business One Service Layer 安全漏洞
Vulnerability Description
SAP Business One是德国思爱普(SAP)公司的一套适用于小型企业的业务管理软件。该软件包括财务管理、客户关系管理和人力资源管理等功能。Service Layer是其中的一个能够通过Web服务调用SAP Business One的对象和服务的程序接口。 SAP Business One 9.2版本和9.3版本中的Service Layer存在跨站脚本漏洞。远程攻击者可利用该漏洞在用户浏览器中执行任意脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A