SAP

Netweaver Enterprise Portal

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-23194

  • EPSS 0.09%
  • Published 11.03.2025 01:15:34
  • Last modified 11.03.2025 01:15:34

SAP NetWeaver Enterprise Portal OBN does not perform proper authentication check for a particular configuration setting. As result, a non-authenticated user can set it to an undesired value causing low impact on integrity. There is no impact on confi...

5.4

CVE-2024-47594

  • EPSS 0.15%
  • Published 08.10.2024 04:15:09
  • Last modified 14.11.2024 16:12:13

SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is regi...

4.7

CVE-2024-44120

  • EPSS 0.44%
  • Published 10.09.2024 05:15:11
  • Last modified 10.09.2024 12:09:50

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this ...

5.3

CVE-2024-25645

  • EPSS 0.29%
  • Published 12.03.2024 01:15:49
  • Last modified 07.02.2025 17:24:54

Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availab...

6.5

CVE-2023-28761

  • EPSS 0.22%
  • Published 11.04.2023 03:15:07
  • Last modified 21.11.2024 07:55:57

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited imp...

4.9

CVE-2023-26461

  • EPSS 0.12%
  • Published 14.03.2023 05:15:30
  • Last modified 21.11.2024 07:51:32

SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitiv...

6.1

CVE-2022-35298

  • EPSS 0.54%
  • Published 13.09.2022 16:15:08
  • Last modified 21.11.2024 07:11:04

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registere...

6.1

CVE-2022-35227

  • EPSS 0.3%
  • Published 12.07.2022 21:15:11
  • Last modified 21.11.2024 07:10:56

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker t...

6.1

CVE-2022-35225

  • EPSS 0.34%
  • Published 12.07.2022 21:15:11
  • Last modified 21.11.2024 07:10:55

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope o...

6.1

CVE-2022-35170

  • EPSS 0.34%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:10:51

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope o...