2 matches found
CVE-2018-17865
SAP J2EE Engine 7.01 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary scripts via the wsdlPath parameter to /ctcprotocol/Protocol. The issue affects products that are no longer supported by the maintainer. Several sources corroborate this ...
SAP J2EE Engine/7.01/Fiori Protocol Cross Site Scripting
I. VULNERABILITY ------------------------- SAP J2EE Engine/7.01/Fiori Reflected Cross Site Scripting XSS II. CVE REFERENCE ------------------------- Use CVE-2018-17865 III. VENDOR ------------------------- https://www.sap.com IV. TIMELINE ------------------------- 10/08/2018 Vulnerability...