Sap netweaver (enterprise portal)
This hub aggregates every CVE we track for Sap netweaver (enterprise portal), a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
20
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM19HIGH1
Monthly trend
0
1
1
0
0
0
0
1
0
0
0
0
0
0
0
1
1
1
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 15 most recently published vulnerabilities affecting Sap netweaver (enterprise portal).
- CVE-2026-0499Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal6.1
- CVE-2025-42872Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal6.1
- CVE-2025-42884JNDI Injection vulnerability in SAP NetWeaver Enterprise Portal6.5
- CVE-2025-23194Missing Authentication check in SAP NetWeaver Enterprise Portal (OBN component)5.3
- CVE-2024-47594Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal (KMC)5.4
- CVE-2024-44120Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal4.7
- CVE-2024-25645Information Disclosure vulnerability in SAP NetWeaver (Enterprise Portal)5.3
- CVE-2023-33985Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal6.1
- CVE-2022-35225SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scriptin...6.1
- CVE-2022-35227A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting at...6.1
- CVE-2022-35172SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerabi...6.1
- CVE-2022-35170SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scriptin...6.1
- CVE-2022-32247SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the Use...6.1
- CVE-2022-26105SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the use...6.1
- CVE-2022-24397SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflecte...6.1
Product normalization is registry-driven with AI assist and human review. How it works