CVE-2016-6256

CRITICAL

SAP Business One for Android <1.2.3 - XSS

Title source: llm

Description

SAP Business One for Android 1.2.3 allows remote attackers to conduct XML External Entity (XXE) attacks via crafted XML data in a request to B1iXcellerator/exec/soap/vP.001sap0003.in_WCSX/com.sap.b1i.vplatform.runtime/INB_WS_CALL_SYNC_XPT/INB_WS_CALL_SYNC_XPT.ipo/proc, aka SAP Security Note 2378065.

Exploits (1)

exploitdb WORKING POC
by Ravindra Singh Rathore · textwebappsxml
https://www.exploit-db.com/exploits/42036

References (3)

Scores

CVSS v3 9.6
EPSS 0.1006
EPSS Percentile 93.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Details

CWE
CWE-611
Status published
Products (1)
sap/business_one 1.2.3
Published May 26, 2017
Tracked Since Feb 18, 2026