1475602 - Identifying and resolving security vulnerabilities in SAP Business Objects products [How-To]

Symptom

A third-party tool such as WebInspect or AppScan has been pointed at a deployment of a SAP Business Objects product (BI 4.x/20xx- 4.1, 4.2 , 4.3, 2025 ) and the resulting report shows a number of security vulnerabilities (such as Cross Site Scripting).

How are these issues addressed by SAP Support?
What are the responsibilities of the customer?
What are the responsibilities of SAP engineers?

Environment

SAP BusinessObjects Business Intelligence Platform 4.x (BI 4.1 / 4.2 / 4.3)
SAP BusinessObjects Business Intelligence Platform 20XX (BI 2025)
Windows
Linux / Unix

Product

SAP BusinessObjects Business Intelligence platform all versions ; SAP Crystal Reports, developer version for Microsoft Visual Studio ; SAP Crystal Server 2020 ; SAP Crystal Server 2025 ; SAP Crystal Server 2027 ; SAP Crystal Server XI

Keywords

security, vulnerability, vulnerabilities, CSS, scan, cross site scripting, xss, webinspect, appscan policy, BI, BO, fix, resolution, htkba , 4.1 , 4.2 , 3.1, 4.2, 4.3, CVE, 20xx, 2025 , KBA , cve , crlf , 4.3 , css , security , vulnerability , csrf , vulnerabilities , bobj , sapbi , mkba , bidep , xss , htkba , 4.0 , analytics , 3.1 , 4.1 , 3.x , 4.x , BI-BIP-SEC , Security Vulnerabilities in SAP BusinessObjects , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.