SAP Knowledge Base Article - Public

3279955 - CSV Export and Excel Import

Symptom

Microsoft Excel interprets cells of CSV files. This could have two consequences:

  • Cells containing certain patterns (like “=2+3”) don't show their literal content but display a calculation result (like “5”).
  • Malicious users could enter fields in ByDesign that intentionally show wrong results when exported to CSV.

Environment

SAP Business ByDesign

Cause

The general recommendation is to adjust interpreted CSV cells, e.g. every leading “=” should be prefixed by an apostrophe (like “'=2+3”).

In ByDesign, CSV files are used not only for data display in Excel but also for general data export and import. In several places, field values have a direct impact on business (e.g. the ID “=ABC” is different from the ID “'=ABC”). Tests have shown that such a modification leads to critical issues. As a consequence, ByDesign cannot follow the recommendation; it leaves the data unchanged during export (“=2+3” remains “=2+3”).
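The trade-off described above can be handled on the reader's side. The following added example (not SAP code and not part of ByDesign) leaves the exported file untouched for re-import and builds a separate viewing copy in which interpreted cells get the apostrophe prefix. It goes beyond the “=” case by also treating leading “+”, “-” and “@” as triggers, which is an assumption, as are the function names and the sample data.

```python
import csv
import io
import re

# Leading characters that spreadsheet applications commonly treat as the start
# of a formula. The article only names "="; the others are an added assumption.
FORMULA_TRIGGERS = ("=", "+", "-", "@")
PLAIN_NUMBER = re.compile(r"[+-]\d+(\.\d+)?")  # e.g. "-12.5" is data, not a formula


def is_interpreted(cell: str) -> bool:
    """Return True if a spreadsheet would likely evaluate this cell."""
    return cell.startswith(FORMULA_TRIGGERS) and not PLAIN_NUMBER.fullmatch(cell)


def make_viewing_copy(export_text: str, delimiter: str = ","):
    """Build a display-only copy of a CSV export and list the changed cells.

    Returns (safe_csv_text, findings); each finding is
    (row_number, column_number, original_value), numbers 1-based.
    The original export text is not modified and stays valid for re-import.
    """
    findings = []
    out = io.StringIO()
    writer = csv.writer(out, delimiter=delimiter, lineterminator="\n")
    reader = csv.reader(io.StringIO(export_text, newline=""), delimiter=delimiter)
    for row_no, row in enumerate(reader, start=1):
        safe_row = []
        for col_no, cell in enumerate(row, start=1):
            if is_interpreted(cell):
                findings.append((row_no, col_no, cell))
                cell = "'" + cell  # apostrophe prefix from the recommendation
            safe_row.append(cell)
        writer.writerow(safe_row)
    return out.getvalue(), findings


# Constructed sample export (not real ByDesign data).
SAMPLE_EXPORT = 'ID,Description,Amount\n=ABC,Regular item,-12.5\nP-100,"=2+3",40\n'

if __name__ == "__main__":
    safe_text, found = make_viewing_copy(SAMPLE_EXPORT)
    for row_no, col_no, value in found:
        print(f"row {row_no}, column {col_no}: {value!r} would be interpreted")
    print(safe_text, end="")
```

The findings list doubles as a review aid: an ID such as “=ABC” may be legitimate business data, so flagged cells are reported rather than dropped.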

Resolution

To reduce the risk that such cells interfere with other parts of the document or exploit known vulnerabilities:

  • Follow your company policy of keeping the software (Excel or other spreadsheet applications used) up to date.
  • Advise users to be cautious when dealing with CSV files with macros, following general best practices.

Keywords

CSV, Injection, Export, Import, Excel, KBA, csv, injection, import, export, excel, SRD-CC-MIG-DXT, BYD- Data Extraction Tool, Problem

Product

SAP Business ByDesign all versions