Blog: Vulnerability Advisory
XSS in SAP Business Intelligence Documents
Reference PTP-2016-002
1. Description
Limited details are being published until SAP customers have had a chance to apply patches.
Title: Cross-Site Scripting (XSS) vulnerability in BI Documents
Security Note: 2274286
CVSS3 Base Score: 5.4
CVSS3 Base Vector: NLLR|C|LLN
The details for security note 2274286 should be accessible here for SAP customers (requires login):
https://websmp230.sap-ag.de/sap/support/notes/2274286
2. CVSS Score
SAP have given the base CVSS 3 score as 5.4. We feel this is reasonable.
3. Resolution
Review the security note and apply the relevant patch.
4. Vulnerability Timeline
27/01/2016 SAP informed
27/01/2016 SAP responded
12/04/2016 Advisory/patch published