Lucene search

[email protected]CVE-2017-16685

HistoryDec 12, 2017 - 2:29 p.m.

CVE-2017-16685

2017-12-1214:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-16685

cross-site scripting

xss

sap business warehouse

universal data integration

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.

Affected configurations

NVD

Node

sapbusiness_warehouse_universal_data_integrationMatch7.10

sapbusiness_warehouse_universal_data_integrationMatch7.11

sapbusiness_warehouse_universal_data_integrationMatch7.20

sapbusiness_warehouse_universal_data_integrationMatch7.30

sapbusiness_warehouse_universal_data_integrationMatch7.31

sapbusiness_warehouse_universal_data_integrationMatch7.40

sapbusiness_warehouse_universal_data_integrationMatch7.50

CPENameOperatorVersion
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.10
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.11
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.20
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.30
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.31
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.40
sap:business_warehouse_universal_data_integrationsap business warehouse universal data integrationeq7.50

CPE	Name	Operator	Version
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.10
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.11
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.20
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.30
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.31
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.40
sap:business_warehouse_universal_data_integration	sap business warehouse universal data integration	eq	7.50

CNA Affected

[
  {
    "product": "SAP Business Warehouse Universal Data Integration",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "BI UDI from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102148

blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/

launchpad.support.sap.com/#/notes/2537545

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

45.7%

JSON

Related for CVE-2017-16685

ptsecurity2 cvelist1 nvd1 prion1