SAP NetWeaver Enterprise Portal Vulnerable to Reflected Cross-Site Scripting

CVE-2024-44120

4.7MEDIUM

Key Information

Vendor: SAP
Status: SAP Netweaver Enterprise Portal
Vendor: CVE Published:; 10 September 2024

Summary

SAP NetWeaver Enterprise Portal is vulnerable to reflected cross site scripting due to insufficient encoding of user-controlled input. An unauthenticated attacker could craft a malicious URL and trick a user to click it. If the victim clicks on this crafted URL before it times out, then the attacker could read and manipulate user content in the browser.

Affected Version(s)

SAP NetWeaver Enterprise Portal = 7.50

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Sep 10, 2024
Vulnerability Reserved.
Aug 20, 2024

Collectors

NVD DatabaseMitre Database