Sap Netweaver_enterprise_portal
20 CVEs affecting Sap Netweaver_enterprise_portal. Latest disclosed: 2024-10-08. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-26461 | Medium | 6.8 | 2023-03-14 | SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can sub… |
CVE-2023-28761 | Medium | 6.5 | 2023-04-11 | In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service… |
CVE-2022-35298 | Medium | 6.1 | 2022-09-13 | SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC… |
CVE-2022-35227 | Medium | 6.1 | 2022-07-12 | A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to c… |
CVE-2022-35225 | Medium | 6.1 | 2022-07-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resu… |
CVE-2022-35172 | Medium | 6.1 | 2022-07-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflecte… |
CVE-2022-35170 | Medium | 6.1 | 2022-07-12 | SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resu… |
CVE-2022-32247 | Medium | 6.1 | 2022-07-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker d… |
CVE-2022-26105 | Medium | 6.1 | 2022-04-12 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker d… |
CVE-2022-24397 | Medium | 6.1 | 2022-03-10 | SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scrip… |
CVE-2022-24395 | Medium | 6.1 | 2022-03-10 | SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflecte… |
CVE-2021-33703 | Medium | 6.1 | 2021-08-10 | Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a… |
CVE-2021-33702 | Medium | 6.1 | 2021-08-10 | Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attack… |
CVE-2020-6323 | Medium | 6.1 | 2020-10-15 | SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker… |
CVE-2018-2435 | Medium | 6.1 | 2018-07-10 | SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-S… |
CVE-2024-47594 | Medium | 5.4 | 2024-10-08 | SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An a… |
CVE-2024-25645 | Medium | 5.3 | 2024-03-12 | Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing l… |
CVE-2021-21489 | Medium | 4.8 | 2021-09-14 | SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-… |
CVE-2015-2812 | | 2015-04-01 | XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intrane… | |
CVE-2015-2811 | | 2015-04-01 | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet serve… |