Vulnerabilities > SAP > Netweaver Enterprise Portal
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-14 | CVE-2021-21489 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. | 3.5 |
2021-08-10 | CVE-2021-33702 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. | 2.6 |
2021-08-10 | CVE-2021-33703 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. | 2.6 |
2020-10-15 | CVE-2020-6323 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50 SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting. | 4.3 |
2018-07-10 | CVE-2018-2435 | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
2015-04-01 | CVE-2015-2812 | XML External Entity Information Disclosure vulnerability in SAP Netweaver Enterprise Portal 7.31 XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966. | 5.0 |
2015-04-01 | CVE-2015-2811 | Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.31 XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939. | 5.0 |