Cross-Site Scripting Vulnerability in SAP J2EE Engine and Portal EPP
CVE-2018-17861
6.1MEDIUM
What is CVE-2018-17861?
A cross-site scripting (XSS) vulnerability exists in SAP J2EE Engine/7.01/Portal/EPP that allows attackers to inject arbitrary web scripts through the wsdlLib parameter to the /ctcprotocol/Protocol endpoint. This vulnerability is particularly concerning as it impacts products that are no longer maintained by SAP, leaving them exposed to potential exploitation.