VYPR

NetWeaver Enterprise Portal Federated Portal Network

by SAP

CVEs (9)

  • CVE-2025-42980CriJul 8, 2025
    risk 0.59cvss 9.1epss 0.01

    SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.

  • CVE-2023-26461MedMar 14, 2023
    risk 0.44cvss 6.8epss 0.01

    SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows…

  • CVE-2023-28761MedApr 11, 2023
    risk 0.42cvss 6.5epss 0.00

    In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and…

  • CVE-2023-33985MedJun 13, 2023
    risk 0.40cvss 6.1epss 0.01

    SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. On successful exploitation, an attacker can view or…

  • CVE-2018-2435MedJul 10, 2018
    risk 0.40cvss 6.1epss 0.01

    SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

  • CVE-2024-47594MedOct 8, 2024
    risk 0.35cvss 5.4epss 0.00

    SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability in KMC servlet. An attacker could craft a script and trick the user into clicking it. When a victim who is registered on the portal clicks…

  • CVE-2024-25645MedMar 12, 2024
    risk 0.34cvss 5.3epss 0.00

    Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application.

  • CVE-2015-2812Apr 1, 2015
    risk 0.00cvss epss 0.02

    XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.

  • CVE-2015-2811Apr 1, 2015
    risk 0.00cvss epss 0.02

    XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.