SAP Knowledge Base Article - Preview

3123811 - Blind SQL Injection Vulnerability

Symptom

  • After copying the URL below to the browser, it shows BI Launchpad Preferences options:

http://<ServerName>:port>/BOE/portal/2111091147/PlatformServices/jsp/common/actionSetTreeNav.facescafWebSesInit=true&bttoken=MDAwRE5COm5lY2NIQEc7RkhBP2ZHT1NPUV09TVpTOjAEQ&bttoken=MDAwRE5COm5lY2NIQEc7RkhBP2ZHT1NPUV09TVpTOjAEQ&appKind=InfoView&service=2FInfoView2Fcommon2FappService.do&loc=en&pvl=en_US&ctx=standalone&actId=4784&objIds=38409&containerId=&pref=pref3DmaxOpageUt253D200253BmaxOpageC253D10253Btz253DAsia252FSingapore253BmUnit253Dinch253BshowFilters253Dtrue253BsmtpFrom253Dtrue253BpromptForUnsavedData253Dtrue253B&disablePrefLocale=false&supportMyGroups=false

  • The URL is specific to each environment : Testing it in other environments and replacing the hostname and port only will generate an error.


Read more...

Environment

SAP BusinessObjects Business Intelligence Platform 4.x

Product

SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.