Blog: Vulnerability Advisory
XSS in SAP Business Intelligence Documents
Limited details are being published until SAP customers have had a chance to apply patches.
| Title | Security Note | CVSS3 Base Score | CVSS3 Base Vector |
|---|---|---|---|
| Cross-Site Scripting (XSS) vulnerability in BI Documents | 2274286 | 5.4 | NLLR\|C\|LLN |
The details for security note 2274286 should be accessible here for SAP customers (requires login):
2. CVSS Score
SAP have given the base CVSS 3 score as 5.4. We feel this is reasonable.
Review the security note and apply the relevant patch.
4. Vulnerability Timeline
27/01/2016 SAP informed
27/01/2016 SAP respond
12/04/2016 Advisory/patch published