Sap Netweaver Enterprise Portal — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Netweaver Enterprise Portal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2023-26461 — CVSS 6.8 (medium): SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML…
CVE-2023-28761 — CVSS 6.5 (medium): In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API…
CVE-2020-6323 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and…
CVE-2021-33702 — CVSS 6.1 (medium): Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode…
CVE-2021-33703 — CVSS 6.1 (medium): Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An…
CVE-2022-24395 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs…
CVE-2022-24397 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in…
CVE-2022-26105 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an…
CVE-2022-32247 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an…
CVE-2022-35170 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs…
CVE-2022-35172 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs…
CVE-2022-35225 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs…
CVE-2022-35298 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site…
CVE-2022-35227 — CVSS 6.1 (medium): A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a…
CVE-2018-2435 — CVSS 6.1 (medium): SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs…
CVE-2024-47594 — CVSS 5.4 (medium): SAP NetWeaver Enterprise Portal (KMC) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability…
CVE-2024-25645 — CVSS 5.3 (medium): Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be…
CVE-2015-2812 — CVSS 5.0 (medium): XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send…
CVE-2015-2811 — CVSS 5.0 (medium): XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send…
CVE-2021-21489 — CVSS 4.8 (medium): SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data…