Netweaver Enterprise Portal Security Vulnerabilities and Issues — Netweaver Enterprise Portal CVE List

Lucene search

SapNetweaver Enterprise Portal

3 matches found

CVE•added 2021/08/10 3:15 p.m.•66 views

CVE-2021-33703

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability.

8.3CVSS5.9AI score0.00811EPSS

CVE•added 2021/08/10 3:15 p.m.•64 views

CVE-2021-33702

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets exe...

8.3CVSS5.8AI score0.00899EPSS

CVE•added 2021/09/14 12:15 p.m.•40 views

CVE-2021-21489

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. T...

4.8CVSS4.8AI score0.00237EPSS