CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2023/07/11 3:15 a.m.•12 views

CVE-2023-35872

The Message Display Tool MDT of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

NVD•added 2023/07/11 3:15 a.m.•17 views

CVE-2023-35873

Prion•added 2023/07/11 3:15 a.m.•18 views

Design/Logic Flaw

6.4CVSS6.7AI score0.00191EPSS

Prion•added 2023/07/11 3:15 a.m.•24 views

Authentication flaw

6.4CVSS6.6AI score0.00191EPSS

CVE•added 2023/07/11 2:42 a.m.•49 views

CVE-2023-35873

SAP NetWeaver Process Integration Runtime Workbench (RWB) on SAP_XITOOL 7.50 reportedly fails to enforce authentication for certain user-identity–dependent functions, potentially allowing an unauthenticated user to view technical data about product status and configuration. The entry notes no acc...

Vulnrichment•added 2023/07/11 2:41 a.m.•13 views

CVE-2023-35872 Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

6.5CVSS7.1AI score0.00191EPSS

Cvelist•added 2023/07/11 2:41 a.m.•19 views

CVE-2023-35872 Missing Authentication check in SAP NetWeaver Process Integration (Message Display Tool)

6.5CVSS6.9AI score0.00191EPSS

CVE•added 2023/07/11 2:41 a.m.•50 views

CVE-2023-35872

CVE-2023-35872 affects SAP NetWeaver Process Integration (MDT component) with version SAP_XIAF 7.50. The issue is a missing authentication check for certain MDT functionalities that require user identity, potentially allowing an unauthenticated user to access technical data about product status a...

CNNVD•added 2023/07/11 12:0 a.m.•1 views

SAP NetWeaver Process Integration 访问控制错误漏洞

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An access control error...

6.5CVSS6.6AI score0.00191EPSS

Exploits0References3

Tenable Nessus•added 2023/04/17 12:0 a.m.•34 views

SAP NetWeaver AS Java Multiple Vulnerabilities (April 2023)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to...

9.9CVSS6.5AI score0.0075EPSS

Exploits0References5

NVD•added 2022/12/13 4:15 a.m.•13 views

CVE-2022-41272

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search UDS of SAP NetWeaver Process Integration PI - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...

9.9CVSS0.0075EPSS

OSV•added 2022/12/13 3:15 a.m.•1 views

CVE-2022-41271

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

9.4CVSS5.8AI score

CVE•added 2022/12/13 3:5 a.m.•62 views

CVE-2022-41272

SAP NetWeaver Process Integration (PI) 7.50 is affected by CVE-2022-41272. An unauthenticated attacker can connect to open interfaces exposed via JNDI in the UDS feature and use open naming/directory APIs to access services, enabling full read access to user data, limited modifications, and syste...

9.9CVSS8.2AI score0.0075EPSS