Cross-Site Scripting Vulnerability in SAP Business Warehouse by SAP
CVE-2017-16685

6.1MEDIUM

Key Information:

Vendor
SAP
Status
SAP Business Warehouse Universal Data Integration
Vendor
CVE Published:
12 December 2017

Summary

A Cross-Site Scripting (XSS) vulnerability exists in SAP Business Warehouse Universal Data Integration due to insufficient encoding of user-controlled inputs. This weakness can allow attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized actions or data exposure. The affected versions range from 7.10 to 7.50, making it imperative for users of this software to apply the necessary patches and updates to mitigate the risk.

Affected Version(s)

SAP Business Warehouse Universal Data Integration BI UDI from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

References

https://blogs.sap.com/2017/12/12/sap-security-patch-day-d...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102148
vdb-entryx_refsource_BID
https://launchpad.support.sap.com/#/notes/2537545
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.