Vulnerabilities > SAP > J2Ee Engine > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-08-09 CVE-2018-17861 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
2021-08-09 CVE-2018-17862 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2.
network
low complexity
sap CWE-79
6.1
2021-08-09 CVE-2018-17865 Cross-site Scripting vulnerability in SAP J2Ee Engine 7.01
A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol.
network
low complexity
sap CWE-79
6.1
2014-04-10 CVE-2013-7357 Information Disclosure vulnerability in SAP J2EE Engine
Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.
network
low complexity
sap
5.0