Vulnerabilities > SAP > Netweaver Development Infrastructure > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-14 | CVE-2022-29618 | Unspecified vulnerability in SAP Netweaver Development Infrastructure Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. | 6.1 |
2021-09-15 | CVE-2021-33691 | Cross-site Scripting vulnerability in SAP Netweaver Development Infrastructure 7.31/7.40/7.50 NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. | 6.1 |