Important: Security Patch for PI 7.0x and XI 3.0 (SAP Note 1707494)

For customers who still have PI 7.0x or XI 3.0, please take note of this potential security problem.  PI 7.1x systems and above are not affected.

A malicious user can use an XML-based request to perform a denial of service attack on an XI 3.0/PI 7.0x system, or disclose local data as a response to the malicious request.

The problem is caused by a program error in XI 3.0 or PI 7.0x: the XML parser is used incorrectly.  The parser can open external entities referenced in the XML request, so malicious content gets parsed.  That content can reference internal resources, such as files, whose contents are then returned in the response to the requester, or it can be used to perform a denial of service attack on the XI 3.0/PI 7.0x system.

To correct the problem, please apply the appropriate patch referenced in Note 1707494, https://service.sap.com/sap/support/notes/1707494.
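
The parser behaviour described above can be illustrated with a generic hardening pattern: refuse any request that carries a DOCTYPE or entity declaration before the parser resolves anything. This is an added example, not SAP code and not the content of the patch in Note 1707494; the function names and both sample requests are constructed for illustration.

```python
import xml.parsers.expat

# Constructed sample requests (not taken from any SAP system).
BENIGN = b"<order><id>42</id></order>"
WITH_EXTERNAL_ENTITY = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY ext SYSTEM "file:///placeholder/local-file">]>'
    b"<order><id>&ext;</id></order>"
)


class ForbiddenXml(ValueError):
    """Raised when a request carries a DTD or entity declaration."""


def parse_request(data: bytes) -> dict:
    """Parse an XML request, refusing DTDs before any entity is resolved."""
    state = {"root": None, "text": []}
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXml(f"DOCTYPE declaration not allowed: {name!r}")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXml(f"entity declaration not allowed: {name!r}")

    def reject_external(context, base, sysid, pubid):
        raise ForbiddenXml(f"external entity reference not allowed: {sysid!r}")

    def start_element(name, attrs):
        if state["root"] is None:
            state["root"] = name

    # An exception raised in a handler aborts Parse() and propagates to the caller.
    parser.StartDoctypeDeclHandler = reject_doctype
    parser.EntityDeclHandler = reject_entity          # defence in depth
    parser.ExternalEntityRefHandler = reject_external  # defence in depth
    parser.StartElementHandler = start_element
    parser.CharacterDataHandler = state["text"].append
    parser.Parse(data, True)
    return {"root": state["root"], "text": "".join(state["text"]).strip()}


def is_accepted(data: bytes) -> bool:
    """True if the request parses cleanly and carries no DTD."""
    try:
        parse_request(data)
        return True
    except (ForbiddenXml, xml.parsers.expat.ExpatError):
        return False
```
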

2 Comments
  • Hi William,

    Could you please let me know whether any patch level has been released for PI-7.0 SP-16?

    Because it is not possible to upgrade to support package level SP-23 in our landscape.

    Regards,

    Abhijit

    • Hi Abhijit,

      I am sorry I do not have this information.  I think the best thing to do is to create a customer message for support to respond.

      Regards,

      William