SAP Knowledge Base Article - Preview

3070347 - DM - 1800 release uses jQuery 2.2.3,

Symptom

We can see in DM stack 1800 that the Fiori launchpad is using SAPUI5 1.52.13 which in turn uses jQuery 2.2.3, which is flagged as vulnerable to CVE-2020-11022 & CVE-202-11023
According to this note, SAPUI5 should be upgraded:
2941170 - Cross-Site Scripting (XSS) vulnerabilities in modified jQuery bundled with SAPUI5


Read more...

Environment

Disclosure Management 10.1

Product

SAP Disclosure Management 10.0

Keywords

jquery CVE-2020-11022 , KBA , EPM-DSM-ANN , Annual Statement/Internal Reporting , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.