2 results (0.008 seconds)

CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser. • https://me.sap.com/notes/3498221 https://url.sap/sapsecuritypatchday • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

Under certain condition SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted causing low impact on confidentiality of the application and with no impact on Integrity and Availability of the application. Bajo ciertas condiciones, SAP NetWeaver (Enterprise Portal): la versión 7.50 permite a un atacante acceder a información que de otro modo estaría restringida, lo que causa un impacto bajo en la confidencialidad de la aplicación y sin impacto en la integridad y disponibilidad de la aplicación. • https://me.sap.com/notes/3428847 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •