CVE-2017-16349
HIGHSAP Business Planning and Consolidation - XML External Entity Injection in Reporting Functionality
Title source: llmDescription
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
References (1)
Core 1
Core References
Broken Link x_refsource_misc
https://www.talosintelligence.com/vulnerability_reports/SAP
Scores
CVSS v3
8.1
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Details
CWE
CWE-611
Status
published
Products (1)
sap/business_planning_and_consolidation
Published
Aug 02, 2018
Tracked Since
Feb 18, 2026