Vulnerabilities > SAP > J2Ee Engine > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2018-17861 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
6.1
2021-08-09 CVE-2018-17862 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2.
network
low complexity
sap CWE-79
6.1
6.1
2021-08-09 CVE-2018-17865 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
6.1