medium2026-07-14SAP NetWeaverCVE-2026-44759
Reflected XSS in SAP NetWeaver Enterprise Portal
SAP NetWeaver Enterprise Portal
Our Take
Enterprise Portal is broadly used as the frontend for legacy SAP applications. If your organisation still runs EP for user access to ABAP transactions, include this in the next planned window.
Vulnerability Detail
Reflected cross-site scripting vulnerability in URL parameters of SAP NetWeaver Enterprise Portal. An attacker can craft a malicious URL that, when visited by an authenticated portal user, executes scripts in the victim's browser context, enabling session hijacking or credential theft.
Patch Action
Apply SAP Note 3746678. Verify affected versions in the official SAP Note.
Patch Info