TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).
CPE | Name | Operator | Version |
---|---|---|---|
business_one_on_hana | eq | 9.2 | |
business_one_on_hana | eq | 9.3 |