Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Netweaver Enterprise Portal
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-47594 1 Sap 1 Netweaver Enterprise Portal 2024-11-14 N/A 5.4 MEDIUM
SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks on such link, confidentiality and integrity of their web browser session could be compromised.
CVE-2023-28761 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 N/A 6.5 MEDIUM
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.
CVE-2023-26461 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 N/A 4.9 MEDIUM
SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.
CVE-2022-35298 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 N/A 6.1 MEDIUM
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser session.
CVE-2022-35225 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.
CVE-2022-32247 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2022-35227 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.
CVE-2022-35172 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-35170 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.
CVE-2022-24397 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.
CVE-2022-24395 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-26105 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.
CVE-2021-21489 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 3.5 LOW 4.8 MEDIUM
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content.
CVE-2021-33702 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 2.6 LOW 6.1 MEDIUM
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability.
CVE-2021-33703 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 2.6 LOW 6.1 MEDIUM
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2020-6323 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
CVE-2018-2435 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 4.3 MEDIUM 6.1 MEDIUM
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2015-2812 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 5.0 MEDIUM N/A
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
CVE-2015-2811 1 Sap 1 Netweaver Enterprise Portal 2024-02-28 5.0 MEDIUM N/A
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.