CVE-2018-17862

Опубликовано: 09 авг. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Ссылки

http://packetstormsecurity.com/files/151946/SAP-J2EE-Engine-7.01-Fiori-test2-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Mar/8
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/5
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/151946/SAP-J2EE-Engine-7.01-Fiori-test2-Cross-Site-Scripting.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Mar/8
Mailing List
Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/5
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sap:j2ee_engine:7.01:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00467

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-873r-2ww2-8875