30 matches found
PT-2026-24161
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal versions prior to 7.50 Description A privileged user uploading untrusted or malicious content that, when deserialized, could compromise the confidentiality, integrity, and availability of the host system. This...
CVE-2026-0499
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal...
PT-2026-2335
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal affected versions not specified Description An unauthenticated attacker can inject malicious scripts into a URL parameter. These scripts are reflected in the server response and executed in a user's browser when...
CVE-2025-42872
CVE-2025-42872 describes a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal. An unauthenticated attacker can inject scripts that run in other users’ browsers, potentially stealing session cookies, tokens, and other sensitive information. The impact is characterized as l...
CVE-2025-42884 JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal
SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enabling access to an unintended JNDI provider.�This could further lead to disclosure or modification of information about the server. There i...
CVE-2025-42884
CVE-2025-42884 affects SAP NetWeaver Enterprise Portal. The issue allows an unauthenticated attacker to inject JNDI environment properties or pass a URL during JNDI lookup, enabling access to an unintended JNDI provider and potentially leading to disclosure or modification of server information (...
PT-2025-46225
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal affected versions not specified Description An unauthenticated attacker can inject JNDI environment properties or provide a URL during JNDI lookup operations. This could allow access to an unintended JNDI...
EUVD-2021-20382
Malware in sbrugna...
EUVD-2015-6600
Malware in sbrugna...
EUVD-2017-3081
Malware in sbrugna...
EUVD-2018-14220
Malware in sbrugna...
EUVD-2021-8762
Malicious code in bioql PyPI...
CVE-2022-24397
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting XSS vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...
CVE-2021-33705
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery SSRF vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request e.g. POST, G...
CVE-2022-35170
SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting XSS vulnerability, therefore changing the scope of the attack. This leads to limited impact on...
SAP NetWeaver Portal 跨站脚本漏洞
SAP NetWeaver Portal is a component of SAP NetWeaver architecture from SAP Germany. A cross-site scripting vulnerability exists in SAP NetWeaver Portal versions 7.30, 7.31, 7.40, and 7.50, which stems from a failure to adequately validate user-controlled input, and which can be exploited by an...
CVE-2021-33705
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery SSRF vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request e.g. POST, G...
CVE-2021-33705
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery SSRF vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request e.g. POST, G...
http-sap-netweaver-leak NSE Script
Detects SAP Netweaver Portal instances that allow anonymous access to the KM unit navigation page. This page leaks file names, ldap users, etc. SAP Netweaver Portal with the Knowledge Management Unit enable allows unauthenticated users to list file system directories through the URL...
CVE-2018-2435
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...