Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

SAP J2EE Engine/7.01/Portal/EPP Protocol Cross Site Scripting

🗓️ 04 Mar 2019 00:00:00Reported by Ece OrselType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 58 Views

SAP J2EE Engine/7.01/Portal/EPP Reflected Cross Site Scripting (XSS) CVE-2018-17861 discovered and reporte

Related
Code
ReporterTitlePublishedViews
Family
CNVD		SAP J2EE Engine Cross-Site Scripting Vulnerability
7 Mar 201900:00
cnvd
CVE		CVE-2018-17861
9 Aug 202118:30
cve
Cvelist		CVE-2018-17861
9 Aug 202118:30
cvelist
NVD		CVE-2018-17861
9 Aug 202119:15
nvd
Prion		Cross site scripting
9 Aug 202119:15
prion
Positive Technologies		PT-2021-8825 · Sap · Sap J2Ee Engine
9 Aug 202100:00
ptsecurity
`I. VULNERABILITY  
-------------------------  
SAP J2EE Engine/7.01/Portal/EPP  
Reflected Cross Site Scripting (XSS)  
  
II. CVE REFERENCE  
-------------------------  
CVE-2018-17861  
  
III. VENDOR  
-------------------------  
https://www.sap.com  
  
IV. TIMELINE  
-------------------------  
10/08/2018 Vulnerability discovered  
12/07/2018 Vendor contacted  
19/07/2018 SAP reply that SAP J2EE engine/7.01 end of support  
  
V. CREDIT  
-------------------------  
Ece Orsel from Biznet Bilisim A.S.  
  
VI. DESCRIPTION  
-------------------------  
Cross Site Scripting (XSS) allows clients to inject scripts into a request and  
have the server return the script to the client in the response. This occurs  
because the application is taking untrusted data and reusing it  
without performing any validation or sanitisation.  
A remote user can conduct cross-site scripting attacks.  
  
Affected Component:  
Path(inurl): /ctcprotocol/Protocol  
Parameter: wsdlLib  
  
VII. SOLUTION  
-------------------------  
Update SAP to lastest version.  
  
--   
B.Ece Arsel  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Mar 2019 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.00467
sap j2ee engineportaleppcross site scriptingxsscve-2018-17861remote uservalidationsanitisationupdate.
58