4 matches found
CVE-2018-17862
The CVE describes a cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori. An attacker can inject arbitrary web script via the sys_jdbc parameter to the path /TestJDBC_Web/test2. Affected software is SAP J2EE Engine/7.01/Fiori; the issue is tied to improper handling/validation of...
CVE-2018-17865
SAP J2EE Engine 7.01 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary scripts via the wsdlPath parameter to /ctcprotocol/Protocol. The issue affects products that are no longer supported by the maintainer. Several sources corroborate this ...
CVE-2018-17861
SAP J2EE Engine/7.01/Portal/EPP contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script via the wsdlLib parameter to the /ctcprotocol/Protocol endpoint. The issue arises from inadequate validation/sanitization of untrusted data, and is appli...
CVE-2013-7357
Technical details about CVE-2013-7357 are not provided in the connected documents; no specifics on affected SAP J2EE Engine components, vectors, or remediation are available. Monitor for updates.