Skip to main content

NetWeaver Enterprise Portal EUVDEUVD-2026-43589

| CVE-2026-44759 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-07-14 sap GHSA-fhgw-7ffq-9wp7
6.1
CVSS 3.1 · Vendor: sap
Share

Severity by source

Vendor (sap) PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vuln.today AI
6.1 MEDIUM

Network-reachable unauthenticated endpoint (AV:N/PR:N); scope change to browser context (S:C); low C/I reflect session theft and content manipulation; UI:R required for reflected delivery.

3.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (sap).

CVSS VectorVendor: sap

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jul 14, 2026 - 01:20 vuln.today
CVE Published
Jul 14, 2026 - 00:20 cve.org
MEDIUM 6.1

DescriptionCVE.org

SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.

AnalysisAI

Reflected cross-site scripting in SAP NetWeaver Enterprise Portal enables unauthenticated remote attackers to inject arbitrary JavaScript into URL parameters that are echoed back unencoded in server responses. When a victim with an active portal session visits a crafted URL, the injected script executes in their browser under the portal's origin, permitting session token theft, unauthorized manipulation of portal content, or forced redirection to attacker-controlled resources. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify Internet-facing SAP portal instance
Delivery
Craft malicious URL embedding XSS payload in vulnerable parameter
Exploit
Deliver link to authenticated portal user via phishing
Execution
Victim clicks URL and browser reflects injected script
Persist
Exfiltrate session token to attacker-controlled endpoint
Impact
Hijack victim's portal session

Vulnerability AssessmentAI

Exploitation The CVSS vector PR:N/AC:L confirms the vulnerable URL parameter is accessible without authentication and requires no special portal configuration or feature enablement - any default deployment of SAP NetWeaver Enterprise Portal exposing the portal to network-reachable clients is affected. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.1 Medium score (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) reflects a meaningful but bounded risk profile. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker identifies an organization's Internet-facing SAP NetWeaver Enterprise Portal and crafts a URL embedding a JavaScript payload in the vulnerable parameter - for example, a script to exfiltrate document.cookie to an attacker-controlled host. The attacker sends this link via phishing email to a portal administrator or finance user with elevated SAP roles, spoofing a legitimate SAP notification. …
Remediation The primary remediation is to apply SAP's patch as documented in SAP Note 3746678 (https://me.sap.com/notes/3746678); the exact patched version or support package stack level must be confirmed via that note, as specific version details are not independently available from the current data set - consult the SAP Security Patch Day page (https://url.sap/sapsecuritypatchday) for release-specific guidance. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43589 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy