161 matches found
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
Code injection
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...
CVE-2019-0328
CVE-2019-0328 affects SAP NetWeaver Process Integration’s ABAP Tests Modules across SAP Basis versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5. The root cause is improper handling when constructing external OS commands from input data, allowing an attacker to execute OS commands with privileged rights. Con...
Cross site scripting
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
SAP NetWeaver Process Integration, versions: SAPXIESR: 7.20, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...
CVE-2019-0316
CVE-2019-0316 affects SAP NetWeaver Process Integration. The vulnerability arises from insufficient validation of user-controlled inputs in specific servlets, enabling a reflected Cross-Site Scripting (XSS) attack. An attacker with admin privileges can inject malicious scripts that are executed i...
SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2019-34747)
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...
SAP NetWeaver Process Integration Clickjacking Vulnerability
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A clickjacking vulnerability...
SAP NetWeaver Process Integration Cross-Site Scripting Vulnerability (CNVD-2019-34746)
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A cross-site scripting...
CVE-2019-0315
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...
CVE-2019-0312
Several web pages provided SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 are not password protected. An attacker could access landscape information like host names, ports or other technical data...
CVE-2019-0312
Several web pages provided SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 are not password protected. An attacker could access landscape information like host names, ports or other technical data...
CVE-2019-0315
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...
Default credentials
Several web pages provided SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 are not password protected. An attacker could access landscape information like host names, ports or other technical data...
Information disclosure
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...
CVE-2019-0312
Several web pages provided SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 are not password protected. An attacker could access landscape information like host names, ports or other technical data...
CVE-2019-0315
CVE-2019-0315 affects SAP NetWeaver Process Integration’s PI Integration Builder Web UI. Affected components/versions: SAP_XIESR (7.10–7.11, 7.20, 7.30, 7.31, 7.40, 7.50), SAP_XITOOL (7.10–7.11, 7.30, 7.31, 7.40, 7.50), and SAP_XIPCK (7.10–7.11, 7.20, 7.30). Under certain conditions, an attacker ...
CVE-2019-0312
CVE-2019-0312 affects SAP NetWeaver Process Integration (PI). The vulnerability arises because several PI pages (SAP_XIESR 7.10–7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL 7.10–7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information such as h...