CVE-2017-16349

Name of the Vulnerable Software and Affected Versions: SAP BPC (affected versions not specified)

Description: The issue concerns an XML external entity vulnerability in the reporting functionality. It can be triggered by a specially crafted XML request, leading to information disclosure and potential denial of service. An attacker must issue authenticated HTTP requests to exploit this vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.