Sap Netweaver Portal vulnerabilities
3 known vulnerabilities affecting sap/netweaver_portal.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-33705HIGHCVSS 8.1v7.10v7.11+5 more2021-09-15
CVE-2021-33705 [HIGH] CWE-918 CVE-2021-33705: The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Edit
The SAP NetWeaver Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, component Iviews Editor contains a Server-Side Request Forgery (SSRF) vulnerability which allows an unauthenticated attacker to craft a malicious URL which when clicked by a user can make any type of request (e.g. POST, GET) to any internal or external server. This can resu
nvd
CVE-2018-2365MEDIUMCVSS 6.1v7.30v7.31+2 more2018-03-01
CVE-2018-2365 [MEDIUM] CWE-79 CVE-2018-2365: SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user cont
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
nvd
CVE-2017-11460MEDIUMCVSS 6.1v7.42017-07-25
CVE-2017-11460 [MEDIUM] CWE-79 CVE-2017-11460: Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal
Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535.
nvd