CVE-2018-17861

Name of the Vulnerable Software and Affected Versions SAP J2EE Engine/7.01/Portal/EPP version 7.01

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script via the wsdlLib parameter to "/ctcprotocol/Protocol". This issue only affects products that are no longer supported by the maintainer.

Recommendations For SAP J2EE Engine/7.01/Portal/EPP version 7.01, as the product is no longer supported, consider disabling the /ctcprotocol/Protocol endpoint or restricting access to it to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.