Lucene search
+L
SapNetweaver Enterprise Portal

20 matches found

CVE
CVE
added 2022/03/08 1:36 p.m.101 views

CVE-2022-24395

CVE-2022-24395 affects SAP NetWeaver Enterprise Portal across versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. The vulnerability arises from insufficient encoding of user-controlled inputs, leading to a reflected XSS condition. The issue is consistently described across multiple sources (NV...

6.1CVSS6AI score0.006EPSS
CVE
CVE
added 2022/03/09 4:47 p.m.98 views

CVE-2022-24397

CVE-2022-24397 affects SAP NetWeaver Enterprise Portal versions 7.30, 7.31, 7.40 and 7.50. The root cause is insufficient encoding of user-controlled inputs, enabling reflected XSS that can deface or modify displayed portal content and potentially compromise the victim’s browser confidentiality a...

6.1CVSS5.9AI score0.00804EPSS
CVE
CVE
added 2022/04/12 4:11 p.m.83 views

CVE-2022-26105

CVE-2022-26105 affects SAP NetWeaver Enterprise Portal versions 7.10 through 7.50. The issue is described as an unauthenticated script execution vulnerability due to improper sanitization of user inputs during network interaction, leading to potential view/modify of information with limited impac...

6.1CVSS6.3AI score0.00855EPSS
CVE
CVE
added 2020/10/15 1:45 a.m.79 views

CVE-2020-6323

The CVE-2020-6323 entry describes a Cross-Site Scripting vulnerability in SAP NetWeaver Enterprise Portal (Fiori Framework Page) for versions 7.50, 7.31, and 7.40. The underlying issue is inadequate encoding of user-controlled inputs, allowing an attacker with a valid session to craft input that ...

6.1CVSS5.9AI score0.00648EPSS
CVE
CVE
added 2021/08/10 2:8 p.m.78 views

CVE-2021-33703

The CVE-2021-33703 vulnerability affects SAP NetWeaver Enterprise Portal (versions 7.30, 7.31, 7.40, 7.50). Root cause: inadequate encoding of URL parameters in portal servlets, enabling an attacker to craft a malicious link that causes a Reflected XSS when a user visits the link. Impact describe...

8.3CVSS5.9AI score0.01482EPSS
CVE
CVE
added 2021/08/10 2:8 p.m.77 views

CVE-2021-33702

CVE-2021-33702 affects SAP NetWeaver Enterprise Portal (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The issue arises from insufficient encoding of report data in one of the portal’s servlets, allowing an attacker to inject malicious data that, when a report is opened, executes a script in...

8.3CVSS5.8AI score0.01482EPSS
CVE
CVE
added 2022/07/12 8:28 p.m.73 views

CVE-2022-35172

SAP NetWeaver Enterprise Portal (versions 7.10–7.50) contains a reflected XSS vulnerability due to insufficient encoding of user-controlled inputs. Exploitation details (payloads, vectors) are not provided in the connected documents. The issue is documented across multiple feeds (NVD, Red Hat, CN...

6.1CVSS5.9AI score0.00565EPSS
CVE
CVE
added 2024/03/12 12:53 a.m.73 views

CVE-2024-25645

The CVE-2024-25645 entry concerns SAP NetWeaver (Enterprise Portal) version 7.50, where an information disclosure vulnerability could permit access to restricted data, causing low confidentiality impact with no integrity/availability impact. The connected records confirm the affected product and ...

5.3CVSS5.4AI score0.0041EPSS
CVE
CVE
added 2023/04/11 2:51 a.m.72 views

CVE-2023-28761

CVE-2023-28761 affects SAP NetWeaver Enterprise Portal 7.50. An unauthenticated attacker can attach to an open interface and use an open API to access or modify server settings and data, with limited confidentiality and integrity impact. Root cause appears to be missing authentication checks on t...

6.5CVSS6.5AI score0.00379EPSS
CVE
CVE
added 2022/07/12 8:28 p.m.69 views

CVE-2022-35225

The CVE-2022-35225 vulnerability affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. It is a reflected Cross-Site Scripting issue caused by insufficient encoding of user-controlled inputs over the network, with reported impact described as limited on con...

6.1CVSS5.9AI score0.00565EPSS
CVE
CVE
added 2022/07/12 8:28 p.m.67 views

CVE-2022-35170

Summary of CVE-2022-35170 : Affected product is SAP NetWeaver Enterprise Portal (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs transmitted over the network. The resulti...

6.1CVSS5.9AI score0.00565EPSS
CVE
CVE
added 2022/07/12 8:27 p.m.66 views

CVE-2022-32247

CVE-2022-32247 affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. A cross-site scripting vulnerability arises from improper sanitization of user inputs during network interactions, allowing an unauthenticated attacker to view or modify information and causi...

6.1CVSS6.2AI score0.00794EPSS
CVE
CVE
added 2022/09/13 3:43 p.m.66 views

CVE-2022-35298

Summary: CVE-2022-35298 affects SAP NetWeaver Enterprise Portal (KMC) 7.50. The vulnerability stems from insufficient encoding of user-controlled inputs in the KMC servlet, allowing Cross-Site Scripting. Affected component: SAP NetWeaver Enterprise Portal (KMC) servlet, version 7.50, running on t...

6.1CVSS5.9AI score0.00427EPSS
CVE
CVE
added 2022/07/12 8:28 p.m.63 views

CVE-2022-35227

CVE-2022-35227 — SAP NW EP (WPC) : A cross-site scripting vulnerability affects SAP NetWeaver EP (WPC) versions 7.30, 7.31, 7.40, and 7.50 due to inadequate validation of user-controlled input. A remote attacker could exploit this to run arbitrary script code, potentially stealing or modifying us...

6.1CVSS6.3AI score0.00675EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.60 views

CVE-2015-2811

CVE-2015-2811 describes an XXE vulnerability in SAP NetWeaver Portal’s ReportXmlViewer (SAP NetWeaver Portal 7.31.201109172004). The underlying issue is that the SAP XML parser validates all incoming XML requests with a user-specified DTD, enabling external entities to be processed. This can lead...

5CVSS6.7AI score0.0238EPSS
CVE
CVE
added 2024/10/08 3:21 a.m.57 views

CVE-2024-47594

SAP NetWeaver Enterprise Portal (KMC) is affected by a Cross-Site Scripting vulnerability arising from insufficient encoding of user-controlled inputs in the KMC servlet. The PT-2024-7175 entry specifies affected software: SAP NetWeaver Enterprise Portal (KMC) versions 7.5, enabling remote attack...

5.4CVSS5.3AI score0.00245EPSS
CVE
CVE
added 2021/09/14 11:15 a.m.55 views

CVE-2021-21489

CVE-2021-21489 affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient encoding of user-related data leading to Stored XSS, enabling an attacker with administrative privileges to store malicious scripts that could affect portal conte...

4.8CVSS4.8AI score0.00575EPSS
CVE
CVE
added 2018/07/10 6:0 p.m.54 views

CVE-2018-2435

CVE-2018-2435 affects SAP NetWeaver Enterprise Portal versions 7.0–7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient encoding of user-controlled inputs. The connected documents confirm the affected product scope and vulnerabil...

6.1CVSS5.9AI score0.01016EPSS
CVE
CVE
added 2023/03/14 4:56 a.m.54 views

CVE-2023-26461

Summary : CVE-2023-26461 affects SAP NetWeaver (SAP Enterprise Portal) 7.50. Affected component: the XML parser; root cause is processing of crafted XML that allows an authenticated user with sufficient privileges to view, but not modify, sensitive data. This is a network-based vulnerability with...

6.8CVSS5.1AI score0.00517EPSS
CVE
CVE
added 2015/04/01 2:0 p.m.48 views

CVE-2015-2812

CVE-2015-2812 affects SAP NetWeaver Portal 7.31.201109172004, via XMLValidationComponent (parserXMLValidationComponent). The vulnerability is caused by the XML parser’s default handling of external entities (XXE), allowing a remote attacker to send crafted XML that can read internal resources or ...

5CVSS6.7AI score0.02485EPSS