CVE-2017-11458
Description
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.297
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2016-10311,CVE-2017-11458,CVE-2017-14581 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.3 | Windows |
| Vulnerabilities CVE-2016-10311,CVE-2016-4015,CVE-2017-11458,CVE-2017-14581 are affected in SAP NetWeaver and ABAP Platform (Service Data Collection) 7.3 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234