Vulnerability Details CVE-2017-16685
Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/102148
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2537545
- http://www.securityfocus.com/bid/102148
- https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
- https://launchpad.support.sap.com/#/notes/2537545
Products affected by CVE-2017-16685
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.10
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.11
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.20
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.30
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.31
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.40
-
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.50