Vulnerabilities > SAP > Netweaver Enterprise Portal

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-24395 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap
6.1
2022-03-10 CVE-2022-24397 Unspecified vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website.
network
low complexity
sap
6.1
2021-09-14 CVE-2021-21489 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
4.8
2021-08-10 CVE-2021-33702 Unspecified vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.
network
low complexity
sap
6.1
2021-08-10 CVE-2021-33703 Unspecified vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.
network
low complexity
sap
6.1
2020-10-15 CVE-2020-6323 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
network
low complexity
sap CWE-79
6.1
2018-07-10 CVE-2018-2435 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1