Vulnerabilities > SAP > Netweaver Enterprise Portal

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-21489 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
3.5
3.5
2021-08-10 CVE-2021-33702 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data.
network
high complexity
sap CWE-79
2.6
2.6
2021-08-10 CVE-2021-33703 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters.
network
high complexity
sap CWE-79
2.6
2.6
2020-10-15 CVE-2020-6323 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal 7.31/7.40/7.50
SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting.
network
sap CWE-79
4.3
4.3
2018-07-10 CVE-2018-2435 Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
4.3
2015-04-01 CVE-2015-2812 XML External Entity Information Disclosure vulnerability in SAP Netweaver Enterprise Portal 7.31
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
network
low complexity
sap
5.0
5.0
2015-04-01 CVE-2015-2811 Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.31
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
network
low complexity
sap
5.0
5.0