Vulnerabilities > SAP > Netweaver Enterprise Portal > 7.40
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-10 | CVE-2021-33703 | Unspecified vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 6.1 |
| 2020-10-15 | CVE-2020-6323 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50 SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. | 6.1 |
| 2018-07-10 | CVE-2018-2435 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |