CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-16681

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1280%
EPSS Percentile32.50th
Published2017年12月12日
Last Modified2026年5月13日

Vulnerability Description

Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded.

Affected Platforms (CPE)

📦
Sap

Business Intelligence Promotion Management Application

= 4.10
📦
Sap

Business Intelligence Promotion Management Application

= 4.20
📦
Sap

Business Intelligence Promotion Management Application

= 4.30

References & Advisories

🔗 http://www.securityfocus.com/bid/102142
🔗 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
🔗 https://launchpad.support.sap.com/#/notes/2523913
🔗 http://www.securityfocus.com/bid/102142
🔗 https://blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/
🔗 https://launchpad.support.sap.com/#/notes/2523913

関連する脆弱性情報

CVE-2017-166849.8

SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication check...

CVE-2017-514510.0

An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. S...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...