cvedb.io
CVE-2017-16349
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2018-08-02T19:29:00.793 · Last modified 2026-06-17T01:09:13.640

Summary

An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.

Affected products

sap — business_planning_and_consolidation

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.