Symptom
We can see in DM stack 1800 that the Fiori launchpad is using SAPUI5 1.52.13 which in turn uses jQuery 2.2.3, which is flagged as vulnerable to CVE-2020-11022 & CVE-202-11023
According to this note, SAPUI5 should be upgraded:
2941170 - Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5
Read more...
Environment
Disclosure Management 10.1
Product
SAP Disclosure Management 10.0
Keywords
jquery CVE-2020-11022 , KBA , EPM-DSM-ANN , Annual Statement/Internal Reporting , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.