Lucene search
K

37 matches found

Cvelist
Cvelist
added 2019/08/14 1:47 p.m.25 views

CVE-2019-0337

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...

6AI score0.00843EPSS
Exploits0References2
CNVD
CNVD
added 2019/08/01 12:0 a.m.4 views

SAP NetWeaver Process Integration Command Injection Vulnerability

SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...

9CVSS7.6AI score0.03422EPSS
Exploits0References1
NVD
NVD
added 2019/07/10 8:15 p.m.22 views

CVE-2019-0328

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

9CVSS7.1AI score0.03422EPSS
Exploits0References3
OSV
OSV
added 2019/07/10 8:15 p.m.3 views

CVE-2019-0328

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

7.2CVSS7.2AI score0.03422EPSS
Exploits0References3
Prion
Prion
added 2019/07/10 8:15 p.m.25 views

Code injection

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

9CVSS7.1AI score0.03422EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2019/06/14 7:29 p.m.14 views

CVE-2019-0316

SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...

4.8CVSS5AI score0.00632EPSS
Exploits0References2
CNVD
CNVD
added 2019/06/13 12:0 a.m.2 views

SAP NetWeaver Process Integration Clickjacking Vulnerability

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A clickjacking vulnerability...

4.3CVSS6.5AI score0.00886EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/13 12:0 a.m.3 views

SAP NetWeaver Process Integration Cross-Site Scripting Vulnerability (CNVD-2019-34746)

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A cross-site scripting...

4.8CVSS6.1AI score0.00632EPSS
Exploits0References1
CNVD
CNVD
added 2019/06/13 12:0 a.m.3 views

SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2019-34747)

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...

5.3CVSS6.1AI score0.01135EPSS
Exploits0References1
NVD
NVD
added 2019/06/12 5:29 p.m.25 views

CVE-2019-0315

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...

7.5CVSS7.3AI score0.0143EPSS
Exploits0References2
Prion
Prion
added 2019/06/12 5:29 p.m.26 views

Information disclosure

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...

5CVSS7.2AI score0.0143EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/06/12 3:29 p.m.25 views

Spoofing

Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...

4.3CVSS4.7AI score0.00886EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/04/10 9:29 p.m.5 views

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

4.3CVSS5.8AI score0.00716EPSS
Exploits0References2
NVD
NVD
added 2019/04/10 9:29 p.m.20 views

CVE-2019-0282

Several web pages in SAP NetWeaver Process Integration Runtime Workbench, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the...

5.3CVSS5.2AI score0.01237EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/04/10 8:19 p.m.29 views

CVE-2019-0282

Several web pages in SAP NetWeaver Process Integration Runtime Workbench, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the...

5.2AI score0.01237EPSS
Exploits0References2
CNVD
CNVD
added 2019/04/10 12:0 a.m.4 views

SAP NetWeaver Process Integration Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented application and integration platform for SAP applications to provide a development and runtime environment can also be used and other applications and systems for custom development and integration. An information disclosure vulnerability exists in SAP NetWeave...

5.3CVSS6.1AI score0.01237EPSS
Exploits0References1
CNVD
CNVD
added 2019/04/10 12:0 a.m.4 views

SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2019-09637)

SAP NetWeaver is a service-oriented application and integration platform for SAP applications to provide a development and runtime environment can also be used and other applications and systems for custom development and integration. An information disclosure vulnerability exists in SAP NetWeave...

4.3CVSS6.1AI score0.00716EPSS
Exploits0References1
Rows per page
Query Builder