CVE-2017-16685

MEDIUM

SAP Business Warehouse Universal Data Integration <7.50 - XSS

Title source: llm

Description

Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/102148

Permissions Required x_refsource_confirm

https://launchpad.support.sap.com/#/notes/2537545

Scores

CVSS v3 6.1

EPSS 0.0042

EPSS Percentile 61.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (8)

sap/business_warehouse_universal_data_integration 7.10

sap/business_warehouse_universal_data_integration 7.11

sap/business_warehouse_universal_data_integration 7.20

sap/business_warehouse_universal_data_integration 7.30

sap/business_warehouse_universal_data_integration 7.31

sap/business_warehouse_universal_data_integration 7.40

sap/business_warehouse_universal_data_integration 7.50

SAP/SAP Business Warehouse Universal Data Integration BI UDI from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Published Dec 12, 2017

Tracked Since Feb 18, 2026