SAP Knowledge Base Article - Preview

2910827 - Sensitive data transmitted via hidden form fields Enterprise Portal vulnerability report


You have performed a security scan of your Enterprise Portal system, and the scan reports a security vulnerability similar to the following:

Sensitive information should not be transmitted using hidden form fields. This is because an attacker/hacker can view the web page source code and retrieve the stored values from the hidden form field.

The security report may also recommend using session cookies.



  • SAP NetWeaver Application Server for Java release independent
  • Enterprise Portal


SAP NetWeaver all versions


security, scanner, ep, vulnerability, post, get, method, methods, http, https, hidden, forms, field, fields, htm, html, KBA, EP-PIN-SEC-SZ, Security Zones, EP-PIN-AI, Application Integration, EP-PIN-NAV, Navigation, EP-PIN-PRT, Portal Runtime, EP-PIN-PCM, Portal Content Model, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on the SAP ONE Support Launchpad (login required).
