Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/97566 | Third Party Advisory VDB Entry |
| https://erpscan.io/advisories/erpscan-17-017-sap-netweaver-java-7-3-java-xss-ctcprotocolprotocol-servlet/ | Third Party Advisory |
Configurations
History
20 Apr 2021, 19:35
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| References | (MISC) https://erpscan.io/advisories/erpscan-17-017-sap-netweaver-java-7-3-java-xss-ctcprotocolprotocol-servlet/ - Third Party Advisory | |
| References | (BID) http://www.securityfocus.com/bid/97566 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* |
Information
Published : 2017-07-25 18:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-11458
Mitre link : CVE-2017-11458
CVE.ORG link : CVE-2017-11458
JSON object : View
Products Affected
sap
- netweaver_application_server_java
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')