3387700 - SQL Query injection found in HTTP Request during security scanning

Symptom

SQL Query injection found in HTTP Request during security scanning using for example Burp Suite:
The URL in question is /BOE/portal/<ID>/biprwsproxy/biprws/v1/cmsquery

Environment

SAP BusinessObjects Business Intelligence (BI) Platform 4.x

Product

SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

SQL, Query, execution, running, http response, http request, XSS, vulnerabilities , KBA , BI-BIP-SEC , Security Vulnerabilities in SAP BusinessObjects , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.