VYPR
Medium severity6.1NVD Advisory· Published Jul 25, 2017· Updated Jun 17, 2026

CVE-2017-11458

CVE-2017-11458

Description

Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.