Lucene search

MitreCVE-2018-17862

HistoryAug 09, 2021 - 7:15 p.m.

CVE-2018-17862

2021-08-0919:15:07

CWE-79

mitre

web.nvd.nist.gov

sap

j2ee engine

fiori

cross-site scripting

xss

vulnerability

cve-2018-17862

web script

remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

54.2%

JSON

A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Affected configurations

Nvd

Node

sapj2ee_engineMatch7.01

VendorProductVersionCPE
sapj2ee_engine7.01cpe:2.3:a:sap:j2ee_engine:7.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	j2ee_engine	7.01	cpe:2.3:a:sap:j2ee_engine:7.01:::::::*

References

packetstormsecurity.com/files/151946/SAP-J2EE-Engine-7.01-Fiori-test2-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2019/Mar/8

seclists.org/bugtraq/2019/Mar/5

Social References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

54.2%

JSON

Related for CVE-2018-17862