Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-15	CVE-2021-33705	Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Portal The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. network sap CWE-918	5.8
2018-03-01	CVE-2018-2365	Cross-site Scripting vulnerability in SAP Netweaver Portal SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. network sap CWE-79	4.3
2017-07-25	CVE-2017-11460	Cross-site Scripting vulnerability in SAP Netweaver Portal 7.4 Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. network sap CWE-79	4.3