cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2018-17861,https://securityvulnerability.io/vulnerability/CVE-2018-17861,,A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,SAP,J2ee Engine,6.1,MEDIUM,0.0017099999822676182,false,false,false,false,,false,false,2021-08-09T18:30:35.000Z,0
CVE-2018-17865,https://securityvulnerability.io/vulnerability/CVE-2018-17865,,A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,SAP,J2ee Engine,6.1,MEDIUM,0.0008500000112690032,false,false,false,false,,false,false,2021-08-09T18:30:33.000Z,0
CVE-2018-17862,https://securityvulnerability.io/vulnerability/CVE-2018-17862,,A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer,SAP,J2ee Engine,6.1,MEDIUM,0.0017099999822676182,false,false,false,false,,false,false,2021-08-09T18:30:30.000Z,0
CVE-2018-2415,https://securityvulnerability.io/vulnerability/CVE-2018-2415,,"SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.",SAP,"SAP Netweaver Application Server (engine Api),SAP Netweaver Application Server (j2ee Engine Server Core)",4.7,MEDIUM,0.0013899999903514981,false,false,false,false,,false,false,2018-05-09T20:00:00.000Z,0
CVE-2015-7239,https://securityvulnerability.io/vulnerability/CVE-2015-7239,,SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.,SAP,Netweaver J2ee Engine,,,0.0014100000262260437,false,false,false,false,,false,false,2015-09-18T14:00:00.000Z,0
CVE-2013-7357,https://securityvulnerability.io/vulnerability/CVE-2013-7357,,Unspecified vulnerability in the configuration service in SAP J2EE Engine allows remote attackers to obtain credential information via unknown vectors.,SAP,J2ee Engine,,,0.0032099999953061342,false,false,false,false,,false,false,2014-04-10T20:55:00.000Z,0
CVE-2010-2347,https://securityvulnerability.io/vulnerability/CVE-2010-2347,,"The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors.",SAP,J2ee Engine Core,,,0.0018700000364333391,false,false,false,false,,false,false,2010-06-21T19:00:00.000Z,0