Arbitrary Web Script Injection in SAP NetWeaver AS JAVA 7.3 (SAP Security Note 2406783)

Arbitrary Web Script Injection in SAP NetWeaver AS JAVA 7.3 (SAP Security Note 2406783)

CVE-2017-11458 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

Learn more about our Web App Pen Testing.