Arbitrary Web Script Injection in SAP NetWeaver AS JAVA 7.3 (SAP Security Note 2406783)
CVE-2017-11458 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.
Learn more about our Web App Pen Testing.