VYPR

Business One (Service Layer)

by SAP

CVEs (2)

  • CVE-2023-37487Aug 8, 2023
    risk 0.00cvss epss 0.00

    SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the…

  • CVE-2018-2502Dec 11, 2018
    risk 0.00cvss epss 0.01

    TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3).