SAP

Netweaver Enterprise Portal

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-35172

  • EPSS 0.34%
  • Veröffentlicht 12.07.2022 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:10:51

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

6.1

CVE-2022-32247

  • EPSS 1.86%
  • Veröffentlicht 12.07.2022 21:15:10
  • Zuletzt bearbeitet 21.11.2024 07:06:00

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On success...

6.1

CVE-2022-26105

  • EPSS 1.32%
  • Veröffentlicht 12.04.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:53:26

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On success...

6.1

CVE-2022-24397

  • EPSS 0.52%
  • Veröffentlicht 10.03.2022 17:46:10
  • Zuletzt bearbeitet 21.11.2024 06:50:20

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-perm...

6.1

CVE-2022-24395

  • EPSS 0.34%
  • Veröffentlicht 10.03.2022 17:46:08
  • Zuletzt bearbeitet 21.11.2024 06:50:19

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

4.8

CVE-2021-21489

  • EPSS 0.24%
  • Veröffentlicht 14.09.2021 12:15:08
  • Zuletzt bearbeitet 21.11.2024 05:48:28

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privil...

6.1

CVE-2021-33703

  • EPSS 0.67%
  • Veröffentlicht 10.08.2021 15:15:08
  • Zuletzt bearbeitet 21.11.2024 06:09:24

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site...

6.1

CVE-2021-33702

  • EPSS 0.74%
  • Veröffentlicht 10.08.2021 15:15:07
  • Zuletzt bearbeitet 21.11.2024 06:09:24

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim op...

6.1

CVE-2020-6323

  • EPSS 0.36%
  • Veröffentlicht 15.10.2020 02:15:12
  • Zuletzt bearbeitet 21.11.2024 05:35:30

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be per...

6.1

CVE-2018-2435

  • EPSS 0.42%
  • Veröffentlicht 10.07.2018 18:29:01
  • Zuletzt bearbeitet 21.11.2024 04:03:48

SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.