Vulnerabilities > CVE-2016-6256 - XXE vulnerability in SAP Business ONE 1.2.3

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
sap
CWE-611
exploit available

Summary

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.

Vulnerable Configurations

Part Description Count
Application
Sap
1

Exploit-Db

descriptionSAP Business One for Android 1.2.3 - XML External Entity Injection. CVE-2016-6256. Webapps exploit for XML platform. Tags: XML External Entity (XXE)
fileexploits/xml/webapps/42036.txt
idEDB-ID:42036
last seen2017-05-19
modified2017-05-19
platformxml
port
published2017-05-19
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42036/
titleSAP Business One for Android 1.2.3 - XML External Entity Injection
typewebapps

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/142597/sapbusinessone-xxe.txt
idPACKETSTORM:142597
last seen2017-05-20
published2017-05-20
reporterRavindra Singh Rathore
sourcehttps://packetstormsecurity.com/files/142597/SAP-Business-One-For-Android-1.2.3-XML-Injection.html
titleSAP Business One For Android 1.2.3 XML Injection