20 matches found
CVE-2022-24395
CVE-2022-24395 affects SAP NetWeaver Enterprise Portal across versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. The vulnerability arises from insufficient encoding of user-controlled inputs, leading to a reflected XSS condition. The issue is consistently described across multiple sources (NV...
CVE-2022-24397
CVE-2022-24397 affects SAP NetWeaver Enterprise Portal versions 7.30, 7.31, 7.40 and 7.50. The root cause is insufficient encoding of user-controlled inputs, enabling reflected XSS that can deface or modify displayed portal content and potentially compromise the victim’s browser confidentiality a...
CVE-2022-26105
CVE-2022-26105 affects SAP NetWeaver Enterprise Portal versions 7.10 through 7.50. The issue is described as an unauthenticated script execution vulnerability due to improper sanitization of user inputs during network interaction, leading to potential view/modify of information with limited impac...
CVE-2020-6323
The CVE-2020-6323 entry describes a Cross-Site Scripting vulnerability in SAP NetWeaver Enterprise Portal (Fiori Framework Page) for versions 7.50, 7.31, and 7.40. The underlying issue is inadequate encoding of user-controlled inputs, allowing an attacker with a valid session to craft input that ...
CVE-2021-33703
The CVE-2021-33703 vulnerability affects SAP NetWeaver Enterprise Portal (versions 7.30, 7.31, 7.40, 7.50). Root cause: inadequate encoding of URL parameters in portal servlets, enabling an attacker to craft a malicious link that causes a Reflected XSS when a user visits the link. Impact describe...
CVE-2021-33702
CVE-2021-33702 affects SAP NetWeaver Enterprise Portal (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The issue arises from insufficient encoding of report data in one of the portal’s servlets, allowing an attacker to inject malicious data that, when a report is opened, executes a script in...
CVE-2022-35172
SAP NetWeaver Enterprise Portal (versions 7.10–7.50) contains a reflected XSS vulnerability due to insufficient encoding of user-controlled inputs. Exploitation details (payloads, vectors) are not provided in the connected documents. The issue is documented across multiple feeds (NVD, Red Hat, CN...
CVE-2024-25645
The CVE-2024-25645 entry concerns SAP NetWeaver (Enterprise Portal) version 7.50, where an information disclosure vulnerability could permit access to restricted data, causing low confidentiality impact with no integrity/availability impact. The connected records confirm the affected product and ...
CVE-2023-28761
CVE-2023-28761 affects SAP NetWeaver Enterprise Portal 7.50. An unauthenticated attacker can attach to an open interface and use an open API to access or modify server settings and data, with limited confidentiality and integrity impact. Root cause appears to be missing authentication checks on t...
CVE-2022-35225
The CVE-2022-35225 vulnerability affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. It is a reflected Cross-Site Scripting issue caused by insufficient encoding of user-controlled inputs over the network, with reported impact described as limited on con...
CVE-2022-35170
Summary of CVE-2022-35170 : Affected product is SAP NetWeaver Enterprise Portal (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The vulnerability is a reflected Cross-Site Scripting (XSS) flaw caused by insufficient encoding of user-controlled inputs transmitted over the network. The resulti...
CVE-2022-32247
CVE-2022-32247 affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. A cross-site scripting vulnerability arises from improper sanitization of user inputs during network interactions, allowing an unauthenticated attacker to view or modify information and causi...
CVE-2022-35298
Summary: CVE-2022-35298 affects SAP NetWeaver Enterprise Portal (KMC) 7.50. The vulnerability stems from insufficient encoding of user-controlled inputs in the KMC servlet, allowing Cross-Site Scripting. Affected component: SAP NetWeaver Enterprise Portal (KMC) servlet, version 7.50, running on t...
CVE-2022-35227
CVE-2022-35227 — SAP NW EP (WPC) : A cross-site scripting vulnerability affects SAP NetWeaver EP (WPC) versions 7.30, 7.31, 7.40, and 7.50 due to inadequate validation of user-controlled input. A remote attacker could exploit this to run arbitrary script code, potentially stealing or modifying us...
CVE-2015-2811
CVE-2015-2811 describes an XXE vulnerability in SAP NetWeaver Portal’s ReportXmlViewer (SAP NetWeaver Portal 7.31.201109172004). The underlying issue is that the SAP XML parser validates all incoming XML requests with a user-specified DTD, enabling external entities to be processed. This can lead...
CVE-2024-47594
SAP NetWeaver Enterprise Portal (KMC) is affected by a Cross-Site Scripting vulnerability arising from insufficient encoding of user-controlled inputs in the KMC servlet. The PT-2024-7175 entry specifies affected software: SAP NetWeaver Enterprise Portal (KMC) versions 7.5, enabling remote attack...
CVE-2021-21489
CVE-2021-21489 affects SAP NetWeaver Enterprise Portal versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. Root cause: insufficient encoding of user-related data leading to Stored XSS, enabling an attacker with administrative privileges to store malicious scripts that could affect portal conte...
CVE-2018-2435
CVE-2018-2435 affects SAP NetWeaver Enterprise Portal versions 7.0–7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient encoding of user-controlled inputs. The connected documents confirm the affected product scope and vulnerabil...
CVE-2023-26461
Summary : CVE-2023-26461 affects SAP NetWeaver (SAP Enterprise Portal) 7.50. Affected component: the XML parser; root cause is processing of crafted XML that allows an authenticated user with sufficient privileges to view, but not modify, sensitive data. This is a network-based vulnerability with...
CVE-2015-2812
CVE-2015-2812 affects SAP NetWeaver Portal 7.31.201109172004, via XMLValidationComponent (parserXMLValidationComponent). The vulnerability is caused by the XML parser’s default handling of external entities (XXE), allowing a remote attacker to send crafted XML that can read internal resources or ...