CVE-2026-0499

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Enterprise Portal (affected versions not specified)

Description An unauthenticated attacker can inject malicious scripts into a URL parameter. These scripts are reflected in the server response and executed in a user's browser when a crafted URL is visited. This can lead to the theft of session information, manipulation of portal content, or user redirection. The impact on the application is low regarding confidentiality and integrity, with no impact on availability. The attack involves reflected cross-site scripting.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.