SAP Knowledge Base Article - Preview

2910827 - Sensitive data transmitted via hidden form fields Enterprise Portal vulnerability report


You have performed a security scan of your Enterprise Portal system and a security vulnerability is reported similar to the below:

Sensitive information should not be transmitted using hidden form fields. This is because an attacker/hacker can view the web page source code and retrieve the stored values from the hidden form field.

A recommendation of using session cookies may be provided by the security report.



  • SAP NetWeaver Application Server for Java release independent
  • Enterprise Portal


SAP NetWeaver all versions


security, scanner, ep, vulnerability, post, get, method, methods, http, https, hidden, forms, field, fields, htm, html , KBA , EP-PIN-SEC-SZ , Security Zones , EP-PIN-AI , Application Integration , EP-PIN-NAV , Navigation , EP-PIN-PRT , Portal Runtime , EP-PIN-PCM , Portal Content Model , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.