Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe

Filtered by product J2ee Engine

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-17861	1 Sap	1 J2ee Engine	2021-08-13	4.3 MEDIUM	6.1 MEDIUM
UNSUPPORTED WHEN ASSIGNED A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2018-17862	1 Sap	1 J2ee Engine	2021-08-13	4.3 MEDIUM	6.1 MEDIUM
UNSUPPORTED WHEN ASSIGNED A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2018-17865	1 Sap	1 J2ee Engine	2021-08-13	4.3 MEDIUM	6.1 MEDIUM
UNSUPPORTED WHEN ASSIGNED A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.