Sap_se Sap Netweaver Enterprise Portal
5 CVEs affecting Sap_se Sap Netweaver Enterprise Portal. Latest disclosed: 2026-01-13. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-42884 | Medium | 6.5 | 2025-11-11 | SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject JNDI environment properties or pass a URL used during JNDI lookup operations, enab… |
CVE-2026-0499 | Medium | 6.1 | 2026-01-13 | SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server re… |
CVE-2025-42872 | Medium | 6.1 | 2025-12-09 | Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute i… |
CVE-2023-33985 | Medium | 6.1 | 2023-06-13 | SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripti… |
CVE-2024-44120 | Medium | 4.7 | 2024-09-10 | SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attac… |