Symptom
- The `bttoken` token is visible in the SAP BusinessObjects (BO) URL.
Example URLs:
- `admin/App/home.faces?service=%2Fadmin%2FApp%2FappService.jsp&appKind=CMC&bttoken=MDAwRFBdRTpTMVxCVDFEYVQ2U0BDYUlRQDc6NVU2MTAEQ`
- `/PlatformServices/jsp/Server_CommonServices/servercommonservices.faces`
- `/admin/App/Admin/QueryResults/queryResultsFrameSet.faces`
- `/admin/App/cmcHome.faces`
- `/admin/App/frameset.jsp`
- `/admin/App/home.faces`
- `/admin/Kind/Inbox/list.faces`
- `/admin/Kind/RemoteCluster/list.faces`
- `/admin/Kind/Server/listUre.faces`
Environment
- SAP BusinessObjects Business Intelligence platform 4.2 and 4.3
- Windows
- Linux / Unix
- HTTP/HTTPS
Product
SAP BusinessObjects Business Intelligence platform 4.2; SAP BusinessObjects Business Intelligence platform 4.3
Keywords
security, vulnerability, CVE, `bttoken` token, CMC, BI, KBA, BI-BIP-SEC, Security Vulnerabilities in SAP BusinessObjects, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, Known Error
About this page
This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).