Technology Blogs by SAP
Former Member

For customers who still have PI 7.0x or XI 3.0, please take note of this potential security problem.  PI 7.1x systems and above are not affected.

A malicious user can use an XML-based request to perform a denial of service attack on an XI 3.0/PI 7.0x system, or disclose local data as a response to the malicious request.

The problem is caused by a program error in XI 3.0 or PI 7.0x: an XML parser is used incorrectly. The parser can open external entities referenced in the XML request, so the malicious content gets parsed. That content can reference internal resources, such as files, whose contents are then returned in the response to the requester, or it can be used to perform a denial of service attack on the XI 3.0/PI 7.0x system.

To correct the problem, please apply the appropriate patch referenced in Note 1707494, https://service.sap.com/sap/support/notes/1707494.
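The class of parser problem described above can be illustrated with a request gate that refuses any document carrying a DOCTYPE or entity declaration before it reaches the real parser. This is an added Python example, not SAP code and not the content of Note 1707494; the function names and sample messages are constructed for the illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a request carries a DTD or entity declaration."""


def _forbid(kind):
    # Build an expat callback that aborts parsing as soon as it fires.
    def handler(*_args):
        raise ForbiddenXML(kind)
    return handler


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse request XML, refusing DTDs and entities before real parsing."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _forbid("DOCTYPE declaration")
    guard.EntityDeclHandler = _forbid("entity declaration")
    guard.ExternalEntityRefHandler = _forbid("external entity reference")
    guard.Parse(data, True)  # raises ForbiddenXML or expat.ExpatError
    return ET.fromstring(data)  # only reached for DTD-free documents


def check(data: bytes) -> str:
    """Return a verdict string suitable for a gateway log line."""
    try:
        parse_untrusted(data)
        return "accepted"
    except ForbiddenXML as exc:
        return f"rejected: {exc}"
    except expat.ExpatError:
        return "rejected: malformed XML"


# Constructed sample requests (hypothetical message format, placeholder path).
BENIGN = b'<?xml version="1.0"?><order><id>42</id></order>'
EXTERNAL = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE order [<!ENTITY ext SYSTEM '
            b'"file:///placeholder/not-a-real-path">]>'
            b'<order><id>&ext;</id></order>')
INTERNAL = b'<!DOCTYPE order [<!ENTITY a "x">]><order><id>&a;</id></order>'

if __name__ == "__main__":
    for name, msg in [("benign", BENIGN), ("external", EXTERNAL),
                      ("internal", INTERNAL)]:
        print(name, "->", check(msg))
```

Rejecting the DOCTYPE outright covers both outcomes the post names: the external entity is never opened, and nested entity definitions are never expanded.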
