For customers who still have PI 7.0x or XI 3.0, please take note of this potential security problem.  PI 7.1x systems and above are not affected.

A malicious user can use an XML-based request to perform a denial of service attack on an XI 3.0/PI 7.0x system, or disclose local data as a response to the malicious request.

The problem is caused by a program error in XI 3.0 or PI 7.0x: an XML parser is used incorrectly.  The parser can open external entities referenced in the XML request, so malicious content in the request gets parsed.  That content can reference internal resources, such as files, whose contents are then returned in the response to the requester, or it can be used to perform a denial of service attack on the XI 3.0/PI 7.0x system.

To correct the problem, please apply the appropriate patch referenced in Note 1707494, https://service.sap.com/sap/support/notes/1707494.

2 Comments

  1. Abhijit Maiti

    Hi William,

    Could you please let me know if there is any patch level released for PI-7.0 SP-16?

    Because it is not possible to upgrade to support package level SP-23 in our landscape.

    Regards,

    Abhijit

    1. William Li Post author

      Hi Abhijit,

      I am sorry I do not have this information.  I think the best thing to do is to create a customer message for support to respond.

      Regards,

      William
