CVE-2023-31405

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...

CVE-2023-31405

SAP NetWeaver AS for Java (ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50) is affected by a log-injection vulnerability via unauthenticated network requests that can modify system logs without user interaction. The root cause is log injection from network input; there is no information disclosur...

Cross site scripting

CA SiteMinder allows remote attackers to bypass cross-site scripting XSS protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters...