SAP Knowledge Base Article - Public

2948990 - Security message when exporting a model to a CSV file in SAP Analytics Cloud (SAC)

Symptom

The following message occurs in SAP Analytics Cloud (SAC) when exporting a model to a CSV file:

  • "One or more exported CSV files have cells that begin with the =, -, @, or + symbols, which can be a security concern (can trigger CSV Injection) when the files are opened in third-party software. Please make sure that the files are exported from a trusted source before opening them"

 

Environment

  • SAP Analytics Cloud (Enterprise) All versions.
  • NEO and Cloud Foundry environments.

Reproducing the Issue

  1. Open a model that has a cell with the =, -, @, or + symbols.
  2. Go to "Data Management" > Export Jobs > Export Data > Export Model As File > Create new Schedule
  3. Choose the options and make sure to select a valid folder as destination.
  4. Click Export.
  5. The file is exported, but you see the message mentioned above.

Cause

Users are being informed of a potential security risk (triggering CSV injection).

The Export to CSV feature can be abused to inject Excel formulas into a generated file downloaded by the user.

Under certain circumstances, those formulas could be executed by the application opening the CSV file (Microsoft Excel is commonly mentioned).

The consequence is not limited to running arithmetic operations on a victim's machine; it may even amount to running arbitrary commands.

Resolution

This issue should be mitigated by the application that imports or interprets data from an external source, as Microsoft Excel does. Users should therefore ensure that the files are exported from a trusted source before opening them.
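One way to review an exported file before opening it in a spreadsheet application, shown as an added example that is not SAP code: the script lists every cell that begins with one of the four symbols named in the message. The function name, the triage of signed numbers as ordinary data, and the sample export are assumptions made for illustration.

```python
import csv
import io
import re

# Leading characters named in the SAC export warning.
TRIGGER_CHARS = ("=", "-", "@", "+")

# Assumption for triage: a signed plain number such as -1250.50 or +300
# is ordinary data; anything else that starts with a trigger character
# should be read by a person before the file is opened in a spreadsheet.
SIGNED_NUMBER = re.compile(r"^[+-]\d+([.,]\d+)*([eE][+-]?\d+)?$")

# Constructed sample export (not real SAC output).
SAMPLE = (
    "Account,Region,Amount,Comment\r\n"
    "4000,EMEA,-1250.50,ok\r\n"
    '4010,APJ,+300,"=SUM(C2:C3)"\r\n'
    "4020,AMER,75,@review\r\n"
    '4030,EMEA,-,"-- pending, see note"\r\n'
)


def scan_csv(text, delimiter=","):
    """Return (row, column, value, kind) for each cell starting with a trigger char.

    Row numbers are 1-based and include the header row. kind is
    "signed-number" or "needs-review".
    """
    rows = list(csv.reader(io.StringIO(text, newline=""), delimiter=delimiter))
    header = rows[0] if rows else []
    findings = []
    for row_number, row in enumerate(rows, start=1):
        for index, cell in enumerate(row):
            # Conservative: ignore leading whitespace when testing the first character.
            value = cell.lstrip()
            if not value.startswith(TRIGGER_CHARS):
                continue
            column = header[index] if index < len(header) else f"col{index + 1}"
            kind = "signed-number" if SIGNED_NUMBER.match(value) else "needs-review"
            findings.append((row_number, column, cell, kind))
    return findings


if __name__ == "__main__":
    for row_number, column, value, kind in scan_csv(SAMPLE):
        print(f"row {row_number}, column {column!r}: {value!r} [{kind}]")
```

Cells reported as "needs-review" are the ones to inspect in a plain text editor before the file is opened in software that evaluates formulas.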


Keywords

SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud, SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics, Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analyst cloud, connected, failure, stopped, KBA, LOD-ANA-DES, Story Design & Visualizations, Problem

Product

SAP Analytics Cloud 1.0