Vulnerabilities > CVE-2016-6256 - XXE vulnerability in SAP Business ONE 1.2.3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | SAP Business One for Android 1.2.3 - XML External Entity Injection. CVE-2016-6256. Webapps exploit for XML platform. Tags: XML External Entity (XXE) |
file | exploits/xml/webapps/42036.txt |
id | EDB-ID:42036 |
last seen | 2017-05-19 |
modified | 2017-05-19 |
platform | xml |
port | |
published | 2017-05-19 |
reporter | Exploit-DB |
source | https://www.exploit-db.com/download/42036/ |
title | SAP Business One for Android 1.2.3 - XML External Entity Injection |
type | webapps |
Packetstorm
data source | https://packetstormsecurity.com/files/download/142597/sapbusinessone-xxe.txt |
id | PACKETSTORM:142597 |
last seen | 2017-05-20 |
published | 2017-05-20 |
reporter | Ravindra Singh Rathore |
source | https://packetstormsecurity.com/files/142597/SAP-Business-One-For-Android-1.2.3-XML-Injection.html |
title | SAP Business One For Android 1.2.3 XML Injection |
References
- http://packetstormsecurity.com/files/142597/SAP-Business-One-For-Android-1.2.3-XML-Injection.html
- http://packetstormsecurity.com/files/142597/SAP-Business-One-For-Android-1.2.3-XML-Injection.html
- http://www.securityfocus.com/bid/98590
- http://www.securityfocus.com/bid/98590
- https://www.exploit-db.com/exploits/42036/
- https://www.exploit-db.com/exploits/42036/