151 matches found
SAP NetWeaver Process Integration CVE-2019-0379 Authentication Bypass Vulnerability
Description SAP NetWeaver Process Integration is prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. SAP NetWeaver Process Integration version 1.0 and 2.0 are vulnerable. Technologies Affecte...
CVE-2019-0356
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...
CVE-2019-0356
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...
Authentication flaw
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...
CVE-2019-0356
CVE-2019-0356 affects SAP NetWeaver Process Integration XI Runtime Workbench (MESSAGING) and SAP_XIAF before versions 7.31, 7.40, 7.50. The issue enables an attacker to access information that should be restricted. Some sources attribute the vulnerability to configuration issues. Connected docume...
CVE-2019-0337
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...
CVE-2019-0337
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...
CVE-2019-0337
The CVE-2019-0337 entry concerns SAP NetWeaver Process Integration (Java Proxy Runtime) across versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs in the URL, enabling Reflected Cross-Site Scripting (XSS). The impact described is that an ...
SAP NetWeaver Process Integration Command Injection Vulnerability
SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Code injection
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0328
CVE-2019-0328 affects SAP NetWeaver Process Integration’s ABAP Tests Modules across SAP Basis versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5. The root cause is improper handling when constructing external OS commands from input data, allowing an attacker to execute OS commands with privileged rights. Con...
Cross site scripting
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
CVE-2019-0316 affects SAP NetWeaver Process Integration. The vulnerability arises from insufficient validation of user-controlled inputs in specific servlets, enabling a reflected Cross-Site Scripting (XSS) attack. An attacker with admin privileges can inject malicious scripts that are executed i...
SAP NetWeaver Process Integration Clickjacking Vulnerability
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A clickjacking vulnerability...
SAP NetWeaver Process Integration Cross-Site Scripting Vulnerability (CNVD-2019-34746)
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A cross-site scripting...