CVE-2017-11458

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.3%

top 46.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Netweaver Application Server Java

Timeline

PublishedJul 25

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDsap/netweaver_application7.30

🔴Vulnerability Details

GHSA

GHSA-7jx4-2wj4-8hj2: Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7↗2022-05-13

▶

CVEList

CVE-2017-11458: Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7↗2017-07-25

▶