Information disclosure

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

Design/Logic Flaw

SAP NetWeaver Process Integration Adapter Engine, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Ax...

CVE-2019-0283

SAP NetWeaver Process Integration Adapter Engine, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Ax...

CVE-2019-0283

CVE-2019-0283 affects SAP NetWeaver Process Integration (Adapter Engine). The issue is a Digital Signature Spoofing vulnerability that allows spoofed XML signatures to be accepted by the PI Axis adapter, enabling arbitrary requests to be processed even when the payload is altered, particularly wh...

CVE-2019-0282

Several web pages in SAP NetWeaver Process Integration Runtime Workbench, fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which can be misused by the...

CVE-2019-0282

The CVE-2019-0282 case concerns SAP NetWeaver Process Integration (Runtime Workbench) information disclosure. Multiple sources confirm that several pages can be accessed without user authentication, exposing internal data such as release information, Java package names, and Java object names. The...

CVE-2019-0278

The CVE-2019-0278 entry relates to SAP NetWeaver Process Integration’s Monitoring Servlet, where under certain conditions an attacker can view the names of database tables used by the application, leading to information disclosure. Affected versions include 7.10–7.11, 7.20, 7.30, 7.31, 7.40, and ...

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration Messaging System, fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure...

SAP Netweaver Process Integration Access Control Error Vulnerability

SAP Netweaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications, of which Process Integration is a suite of enterprise application integration software. An access control error...

SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2019-09637)

SAP NetWeaver is a service-oriented application and integration platform for SAP applications to provide a development and runtime environment can also be used and other applications and systems for custom development and integration. An information disclosure vulnerability exists in SAP NetWeave...

SAP NetWeaver Process Integration Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented application and integration platform for SAP applications to provide a development and runtime environment can also be used and other applications and systems for custom development and integration. An information disclosure vulnerability exists in SAP NetWeave...