Medium severity6.1NVD Advisory· Published Dec 12, 2017· Updated May 13, 2026

CVE-2017-16685

Description

Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data Integration, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to insufficient encoding of user controlled inputs.

Affected products

SAP/Business Warehouse Universal Data Integration7 versions
cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.10:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.10:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.11:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.20:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.30:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.31:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.40:*:*:*:*:*:*:*
- cpe:2.3:a:sap:business_warehouse_universal_data_integration:7.50:*:*:*:*:*:*:*
SAP/SAP Business Warehouse Universal Data Integrationv5
Range: BI UDI from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/102148nvdThird Party AdvisoryVDB Entry
blogs.sap.com/2017/12/12/sap-security-patch-day-december-2017/nvdVendor Advisory
launchpad.support.sap.comnvdPermissions Required

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000