SAP

Netweaver Enterprise Portal

22 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2022-35172

  • EPSS 0.34%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:10:51

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

6.1

CVE-2022-32247

  • EPSS 1.86%
  • Published 12.07.2022 21:15:10
  • Last modified 21.11.2024 07:06:00

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On success...

6.1

CVE-2022-26105

  • EPSS 1.32%
  • Published 12.04.2022 17:15:09
  • Last modified 21.11.2024 06:53:26

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On success...

6.1

CVE-2022-24397

  • EPSS 0.52%
  • Published 10.03.2022 17:46:10
  • Last modified 21.11.2024 06:50:20

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-perm...

6.1

CVE-2022-24395

  • EPSS 0.34%
  • Published 10.03.2022 17:46:08
  • Last modified 21.11.2024 06:50:19

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

4.8

CVE-2021-21489

  • EPSS 0.24%
  • Published 14.09.2021 12:15:08
  • Last modified 21.11.2024 05:48:28

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privil...

6.1

CVE-2021-33703

  • EPSS 0.67%
  • Published 10.08.2021 15:15:08
  • Last modified 21.11.2024 06:09:24

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site...

6.1

CVE-2021-33702

  • EPSS 0.74%
  • Published 10.08.2021 15:15:07
  • Last modified 21.11.2024 06:09:24

Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim op...

6.1

CVE-2020-6323

  • EPSS 0.36%
  • Published 15.10.2020 02:15:12
  • Last modified 21.11.2024 05:35:30

SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be per...

6.1

CVE-2018-2435

  • EPSS 0.42%
  • Published 10.07.2018 18:29:01
  • Last modified 21.11.2024 04:03:48

SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.