Vulnerability Details CVE-2017-16681
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/102142
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2523913
- http://www.securityfocus.com/bid/102142
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2523913
Products affected by CVE-2017-16681
-
cpe:2.3:a:sap:business_intelligence_promotion_management_application:4.10
-
cpe:2.3:a:sap:business_intelligence_promotion_management_application:4.20
-
cpe:2.3:a:sap:business_intelligence_promotion_management_application:4.30