CNNVD-202601-2334 Information
CNNVD ID
CNNVD-202601-2334
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
SAP NetWeaver Enterprise Portal是德国思爱普(SAP)公司的一个 SAP NetWeaver的 Web 前端组件。 SAP NetWeaver Enterprise Portal存在跨站脚本漏洞,该漏洞源于未经验证的攻击者可向URL参数注入恶意脚本,可能导致会话信息窃取、门户内容操纵或用户重定向,对应用程序机密性和完整性造成低影响。
Description (English)
SAP NetWeaver Enterprise Portal is a Swedish front-end component of SAP NetWeaver of SAP Germany. SAP NetWeaver Enterprise Portal has a cross-site script loophole, which stems from unverified assailants who can inject malicious scripts into URL parameters, which can lead to the theft of conversational information, the manipulation of portal content or re-direction of users, with low impact on the confidentiality and integrity of the application.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
思爱普
Published
2026-01-13
Last Modified
2026-02-24
References
https://me.sap.com/notes/3687372 https://url.sap/sapsecuritypatchday
Patch
https://url.sap/sapsecuritypatchday
Share on: