cbcvebase.
CVE-2017-11458
published 2017-07-25

CVE-2017-11458: Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web…

medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

Affected

1 ranges
VendorProductVersion rangeFixed in
sapnetweaver_application_server_java