SAP Knowledge Base Article - Preview

1945410 - BPC 10: MHTML Cross-Site Scripting Vulnerabilities

Symptom

Cross-Site Scripting (XSS) vulnerabilities are reported when an HTTP security scan is run against the BPC server. The scanner sends a URL-encoded MHTML (MIME multipart) message, containing a base64-encoded HTML script, as the value of a request parameter and flags the response because the decoded value is echoed back:

1) URL: https://<server_name>:<port>/sap/afcpserver/fetcher

Referer: https://<server_name>:<port>/sap/afcpserver/container/apps/sap.com/poa_sbc_bui_client_fcp_eap/com_sap_tc_ui_ria_fcp/com_sap

Test: Set the value of the parameter 'value' to 'Content-Type:%20multipart/related;%20boundary=_AppScan%0d%0a--_AppScan%0d%0aContent-Location:foo%0d%0aContent-Transfer-Encoding:base64%0d%0a%0d%0aPGh0bWw%2bPHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD48L2h0bWw%2b%0d%0a'

Reported issue: The test response was found to contain the decoded payload after it was sent encoded.

2) URL: https://<server_name>:<port>/sap/bpc/web

Referer: https://<server_name>:<port>/sap/bpc/web

Test: Set the value of the parameter 'sap-language' to 'Content-Type:%20multipart/related;%20boundary=_AppScan%0d%0a--_AppScan%0d%0aContent-Location:foo%0d%0aContent-Transfer-Encoding:base64%0d%0a%0d%0aPGh0bWw%2bPHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD48L2h0bWw%2b%0d%0a'

Reported issue: The test response was found to contain the decoded payload after it was sent encoded.
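The test value in both findings is the same MHTML probe: a URL-encoded MIME multipart/related message whose single part is base64-encoded HTML. A browser that treats the response as MHTML (the legacy Internet Explorer mhtml: handler is what this scanner signature targets) would decode that part and run the script, and the scanner reports the finding simply because the URL-decoded value appears verbatim in the response. The following Python is an added example and not code from the KBA or from SAP: it unpacks the quoted payload to show what it carries, reproduces the scanner's reflection check against a modelled vulnerable response and against one with output encoding applied, and checks whether the MIME structure (boundary line plus blank line before the body) survives the encoding. The `vulnerable_render` and `hardened_render` handlers are hypothetical models of the reported behaviour, not BPC code.

```python
import base64
import html
import re
from urllib.parse import unquote

# Constructed copy of the scanner test value quoted in the KBA, exactly as sent
# in the 'value' (fetcher) and 'sap-language' (/sap/bpc/web) parameters.
ENCODED_PAYLOAD = (
    "Content-Type:%20multipart/related;%20boundary=_AppScan%0d%0a"
    "--_AppScan%0d%0a"
    "Content-Location:foo%0d%0a"
    "Content-Transfer-Encoding:base64%0d%0a"
    "%0d%0a"
    "PGh0bWw%2bPHNjcmlwdD5hbGVydCgiWFNTIik8L3NjcmlwdD48L2h0bWw%2b%0d%0a"
)


def decode_mhtml_payload(encoded: str) -> dict:
    """URL-decode the test value and unpack the MHTML (MIME multipart) it carries.

    Returns the boundary, the part headers and the decoded part body, i.e. the
    HTML a browser would render if it parsed the response as MHTML.
    """
    raw = unquote(encoded)
    m = re.search(r"boundary=([^\r\n;]+)", raw)
    if not m:
        raise ValueError("no multipart boundary in payload")
    boundary = m.group(1)
    # Everything after the first "--boundary" line is the (single) MIME part.
    _, _, part = raw.partition("--" + boundary + "\r\n")
    header_block, _, body = part.partition("\r\n\r\n")
    headers = {}
    for line in header_block.split("\r\n"):
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    body = body.strip()
    if headers.get("content-transfer-encoding", "").lower() == "base64":
        body = base64.b64decode(body).decode("utf-8", errors="replace")
    return {"boundary": boundary, "headers": headers, "body": body}


def vulnerable_render(param_value: str) -> str:
    """Hypothetical model of the reported behaviour: the server URL-decodes the
    parameter and echoes it into the response body without output encoding."""
    return "<html><body>Selected: " + unquote(param_value) + "</body></html>"


def hardened_render(param_value: str) -> str:
    """Hypothetical fixed handler: CR/LF removed so no MIME structure survives,
    then HTML-escaped so '<' and '>' cannot become markup."""
    value = unquote(param_value).replace("\r", "").replace("\n", "")
    return "<html><body>Selected: " + html.escape(value, quote=True) + "</body></html>"


def reflects_decoded_payload(response_body: str, encoded_payload: str) -> bool:
    """The scanner's criterion: the URL-decoded payload appears verbatim in the response."""
    return unquote(encoded_payload) in response_body


def mime_structure_survives(response_body: str, boundary: str = "_AppScan") -> bool:
    """Would an MHTML parser still find the part? It needs the boundary marker on
    its own line and a blank line separating the part headers from the body."""
    marker = "--" + boundary + "\r\n"
    if marker not in response_body:
        return False
    return "\r\n\r\n" in response_body.split(marker, 1)[1]


if __name__ == "__main__":
    decoded = decode_mhtml_payload(ENCODED_PAYLOAD)
    print("boundary:", decoded["boundary"])
    print("part headers:", decoded["headers"])
    print("decoded part body:", decoded["body"])
    for name, render in (("vulnerable", vulnerable_render), ("hardened", hardened_render)):
        body = render(ENCODED_PAYLOAD)
        print(name, "reflects payload:", reflects_decoded_payload(body, ENCODED_PAYLOAD),
              "| MIME structure intact:", mime_structure_survives(body))
```

Running `reflects_decoded_payload` against a captured response is the quickest way to confirm the scanner's finding by hand; `mime_structure_survives` is the stricter check for whether the reflected value could still be parsed as MHTML after a fix, since stripping CR/LF alone already breaks the boundary and header/body separation even before HTML escaping is applied.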


Environment

SAP Business Planning and Consolidation 10.0 SP10, version for SAP NetWeaver

Product

SAP Business Planning and Consolidation 10.0, version for SAP NetWeaver

Keywords

crosssite css , KBA , EPM-BPC-NW-WEB , Web , Problem
