37 matches found
CVE-2019-0337
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...
SAP NetWeaver Process Integration Command Injection Vulnerability
SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Code injection
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
SAP NetWeaver Process Integration Clickjacking Vulnerability
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A clickjacking vulnerability...
SAP NetWeaver Process Integration Cross-Site Scripting Vulnerability (CNVD-2019-34746)
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A cross-site scripting...
SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2019-34747)
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...
CVE-2019-0315
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...
Information disclosure
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...
Spoofing
Java Server Pages JSPs provided by the SAP NetWeaver Process Integration SAPXIESR and SAPXITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...
CVE-2019-0278
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...
CVE-2019-0282
Several web pages in SAP NetWeaver Process Integration Runtime Workbench, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the...
CVE-2019-0282
Several web pages in SAP NetWeaver Process Integration Runtime Workbench, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the...
SAP NetWeaver Process Integration Information Disclosure Vulnerability
SAP NetWeaver is a service-oriented application and integration platform for SAP applications to provide a development and runtime environment can also be used and other applications and systems for custom development and integration. An information disclosure vulnerability exists in SAP NetWeave...
SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2019-09637)
SAP NetWeaver is a service-oriented application and integration platform for SAP applications to provide a development and runtime environment can also be used and other applications and systems for custom development and integration. An information disclosure vulnerability exists in SAP NetWeave...