Blog: Vulnerability Advisory

XSS in SAP Business Intelligence Documents

Jamie Riden 12 Apr 2016

Reference PTP-2016-002

1. Description

Limited details are being published until SAP customers have had a chance to apply patches.

Title: Cross-Site Scripting (XSS) vulnerability in BI Documents
Security Note: 2274286
CVSS3 Base Score: 5.4
CVSS3 Base Vector: NLLR|C|LLN


The details for security note 2274286 should be accessible here for SAP customers (requires login):

2. CVSS Score

SAP have given the base CVSS 3 score as 5.4. We feel this is reasonable.

3. Resolution

Review the security note and apply the relevant patch.

4. Vulnerability Timeline

27/01/2016 SAP informed

27/01/2016 SAP respond

12/04/2016 Advisory/patch published