{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0499", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2025-12-09T22:06:40.557Z", "datePublished": "2026-01-13T01:13:47.482Z", "dateUpdated": "2026-01-13T14:47:20.849Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Enterprise Portal", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "EP-RUNTIME 7.50"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.</p>"}], "value": "SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "eng", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-01-13T01:13:47.482Z"}, "references": [{"url": "https://me.sap.com/notes/3687372"}, {"url": "https://url.sap/sapsecuritypatchday"}], "source": {"discovery": "UNKNOWN"}, "title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-13T14:47:14.748648Z", "id": "CVE-2026-0499", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T14:47:20.849Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0499", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-13T14:47:14.748648Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-13T14:47:18.313Z"}}], "cna": {"title": "Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver Enterprise Portal", "versions": [{"status": "affected", "version": "EP-RUNTIME 7.50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://me.sap.com/notes/3687372"}, {"url": "https://url.sap/sapsecuritypatchday"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.", "supportingMedia": [{"type": "text/html", "value": "<p>SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "eng", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2026-01-13T01:13:47.482Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0499", "state": "PUBLISHED", "dateUpdated": "2026-01-13T14:47:20.849Z", "dateReserved": "2025-12-09T22:06:40.557Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2026-01-13T01:13:47.482Z", "assignerShortName": "sap"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser when the crafted URL is visited, leading to theft of session information, manipulation of portal content, or user redirection, resulting in a low impact on the application's confidentiality and integrity, with no impact on availability."}, {"lang": "es", "value": "SAP NetWeaver Enterprise Portal permite a un atacante no autenticado inyectar scripts maliciosos en un par\u00e1metro de URL. Los scripts se reflejan en la respuesta del servidor y se ejecutan en el navegador de un usuario cuando se visita la URL manipulada, lo que lleva al robo de informaci\u00f3n de sesi\u00f3n, manipulaci\u00f3n del contenido del portal o redirecci\u00f3n del usuario, resultando en un bajo impacto en la confidencialidad e integridad de la aplicaci\u00f3n, sin impacto en la disponibilidad."}], "id": "CVE-2026-0499", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Primary"}]}, "published": "2026-01-13T02:15:52.467", "references": [{"source": "cna@sap.com", "url": "https://me.sap.com/notes/3687372"}, {"source": "cna@sap.com", "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T06:50:07.307537+00:00", "value": {"mitigation_remediation": ["Validate or encode all URL parameters to prevent reflection of arbitrary scripts", "Implement a Content Security Policy that restricts inline script execution", "Ensure session cookies are marked HttpOnly, Secure, and consider moving to token\u2011based authentication to limit credential theft risk"], "summary": {"action": "Assess Impact", "impact": "Cross\u2011Site Scripting reflected in URL parameters"}, "threat_synthesis": {"affected_systems": "All installations of SAP NetWeaver Enterprise Portal are affected. No specific version range is supplied in the advisory, so all releases of the product should be considered potentially vulnerable until a patch is issued.", "description_and_impact": "An unauthenticated attacker can craft a URL that injects malicious JavaScript into a parameter processed by SAP NetWeaver Enterprise Portal. The script is reflected back in the server response and executed in the victim\u2019s browser when the URL is visited, allowing the attacker to steal session data, alter portal content, or redirect the user. The impact is limited to confidentiality and integrity of the application, with no effect on availability, as described by the vendor.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate risk, and the EPSS score of less than 1% suggests very low probability of real\u2011world exploitation at present. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an unauthenticated attacker sending the crafted URL to a legitimate user; the user must open or click the link in a web browser for the script to run. No additional attacker privileges or network conditions are required beyond access to the public web interface."}}}}, "created": "2026-01-13T09:26:58.736937+00:00", "updated": "2026-04-18T07:00:11.343193+00:00", "vendors": ["sap", "sap$PRODUCT$netweaver_enterprise_portal"]}