Netweaver Portal

CVEs (7)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2017-11460	SAP Netweaver Portal	Med	0.40	6.1	0.00	Jul 25, 2017	Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.
CVE-2021-33705	SAP Netweaver Portal		0.00	—	0.01	Sep 15, 2021	The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of…
CVE-2018-2365	SAP Netweaver Portal		0.00	—	0.00	Mar 1, 2018	SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2015-6662	SAP Netweaver		0.00	—	0.01	Aug 24, 2015	XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
CVE-2015-2812	SAP Netweaver Portal		0.00	—	0.01	Apr 1, 2015	XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
CVE-2015-2811	SAP Netweaver Portal		0.00	—	0.01	Apr 1, 2015	XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
CVE-2008-3358	SAP Netweaver		0.00	—	0.01	Jan 28, 2009	Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain…

CVE-2017-11460MedJul 25, 2017
SAP
Netweaver Portal
risk 0.40cvss 6.1epss 0.00
Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.
CVE-2021-33705Sep 15, 2021
SAP
Netweaver Portal
risk 0.00cvss —epss 0.01
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of…
CVE-2018-2365Mar 1, 2018
SAP
Netweaver Portal
risk 0.00cvss —epss 0.00
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2015-6662Aug 24, 2015
SAP
Netweaver
risk 0.00cvss —epss 0.01
XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security Note 2168485.
CVE-2015-2812Apr 1, 2015
SAP
Netweaver Portal
risk 0.00cvss —epss 0.01
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
CVE-2015-2811Apr 1, 2015
SAP
Netweaver Portal
risk 0.00cvss —epss 0.01
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
CVE-2008-3358Jan 28, 2009
SAP
Netweaver
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP NetWeaver portal, when Internet Explorer 7.0.5730 is used, allows remote attackers to inject arbitrary web script or HTML via a crafted URI, which causes the XSS payload to be reflected in a text/plain…