When trying to access an employee profile, the system throws an error and the profile does not load.
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
SAP SuccessFactors Employee Profile
Reproducing the Issue
- In People Search enter the name of the affected employee;
- See the error message appearing: "errorId=180ea43c-4d03-4cc8-9e1e-46f265557969, fingerprint=8177055cbdd9d1cb6a84c99cfa2dc45201bd8f6d, timestamp=2021-01-20T10:33:28.823+0100, errorMessage=An application error occurred. Please try again later, or notify support (with the error information of errorID=180ea43c-4d03-4cc8-9e1e-46f265557969, timestamp=2021-01-20T10:33:28.823+0100, and the version information from the current screen) if the issue keeps occurring., errorCode=SECURITYSCANNER, server=160pc12bcf79t, versionInfo=Release%3A%20b2011.20210105055920%0A%20%20%20%20Server%3A%20160pc12bcf79t%0A%20%20%20%20Timestamp%3A%202021-01-20T10%3A33%3A27.364%2B0100";
- Try to proxy as the employee and the same issue is experienced.
The encrypted value of the affected User ID is detected and blocked by the User Input Scanner.
This should only impact a limited number of users, when the encrypted data unexpectedly matches an attack pattern.
As a temporary solution, you can disable the "User Input Scanner" feature.
For the long-term solution, this issue has been addressed in the b2105 release. We have an enhancement to SFEncrypter that makes the encrypted data URL safe, which means the characters "+" and "=" will not be generated in the encrypted data, so the reported sample of encrypted value will not be generated.
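The false positive and the URL-safe fix described above, as an added example that is not SAP's code. It assumes the encrypted value is carried as Base64 text, and it uses a hypothetical scanner rule and a constructed ciphertext, since this KBA gives neither SFEncrypter's encoding nor the scanner's patterns.

```python
import base64
import re
from urllib.parse import unquote_plus

# Hypothetical scanner rule (assumption, not the real User Input Scanner):
# flags "or <token>=" style input after form-decoding, where "+" becomes a space.
SCANNER_RULE = re.compile(r"(?i)\b(?:or|and)\s+\w+=")


def scanner_blocks(param_value: str) -> bool:
    """Return True if the toy scanner would reject this request parameter."""
    return bool(SCANNER_RULE.search(unquote_plus(param_value)))


def encode_standard(ciphertext: bytes) -> str:
    """Standard Base64: alphabet includes '+' and '/', padding uses '='."""
    return base64.b64encode(ciphertext).decode("ascii")


def encode_url_safe(ciphertext: bytes) -> str:
    """URL-safe Base64 without padding: '+', '/' and '=' can never appear."""
    return base64.urlsafe_b64encode(ciphertext).rstrip(b"=").decode("ascii")


def decode_url_safe(token: str) -> bytes:
    """Restore the stripped padding before decoding."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


# Constructed stand-in for an encrypted user ID (not a real SFEncrypter value),
# chosen so that its standard encoding happens to resemble the rule above.
SAMPLE_CIPHERTEXT = base64.b64decode("q7/+or+1Zg==")

if __name__ == "__main__":
    for name, enc in (("standard", encode_standard), ("url-safe", encode_url_safe)):
        token = enc(SAMPLE_CIPHERTEXT)
        print(f"{name:9} {token:14} blocked={scanner_blocks(token)}")
```

The same bytes are blocked in one encoding and pass in the other, which is why only users whose encrypted ID happens to encode to a matching string are affected.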
We encourage you to check the following Help document for instructions on how to disable the "User Input Scanner" feature and security impacts:
Please note that disabling this feature will not expose a direct security issue, as we have multiple layers of protection against security attacks.
But keep track of this KBA for news on the permanent fix.
Error Ocurred, Access, Employee, Profile, Error, Issue, Can't, Can Not, errorId=180ea43c-4d03-4cc8-9e1e-46f265557969, fingerprint=8177055cbdd9d1cb6a84c99cfa2dc45201bd8f6d, SEC-4322 , KBA , LOD-SF-EP-PP3 , People Profile (PP3) , Known Error