PT-2017-3751 · SAP · SAP Business Warehouse Universal Data Integration

Aleksandr Shvetsov +2 · Published 2017-03-16 · Updated 2017-12-21 · CVE-2017-16685

CVSS v2.0: 6.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse Universal Data Integration versions 7.10 through 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50.

Description: The issue is a cross-site scripting (XSS) vulnerability caused by insufficient encoding of user-controlled inputs, which allows a remote attacker to inject arbitrary code. The root cause is incorrect processing of user-provided data.

Recommendations:

For SAP Business Warehouse Universal Data Integration versions 7.10 through 7.11, update to a version that properly encodes user-controlled inputs to prevent XSS attacks.

For SAP Business Warehouse Universal Data Integration version 7.20, ensure proper encoding of user-controlled inputs to mitigate the risk of code injection.

For SAP Business Warehouse Universal Data Integration version 7.30, apply necessary configuration changes to prevent insufficient encoding of user-controlled inputs.

For SAP Business Warehouse Universal Data Integration version 7.31, restrict access to areas where user-controlled inputs are processed to minimize the risk of exploitation.

For SAP Business Warehouse Universal Data Integration version 7.40, consider implementing additional validation for user-provided data to prevent code injection.

For SAP Business Warehouse Universal Data Integration version 7.50, apply a fix that correctly handles user-controlled inputs to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2019-00306
CVE-2017-16685

Affected Products

SAP Business Warehouse Universal Data Integration