CVE-2016-6818

Name of the Vulnerable Software and Affected Versions SAP Business Intelligence platform versions prior to January 2017

Description The issue allows remote attackers to obtain sensitive information, modify data, cause a denial of service, or launch administrative operations via a crafted SQL query. This is due to the lack of protection measures for the SQL query structure.

Recommendations For SAP Business Intelligence platform versions prior to January 2017, apply the fix as described in SAP Security Note 2361633 to resolve the issue. As a temporary workaround, consider restricting access to the SQL query functionality to minimize the risk of exploitation.