151 matches found
CVE-2021-27617
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27617
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
Design/Logic Flaw
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
Design/Logic Flaw
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27617
CVE-2021-27617 affects SAP Process Integration’s Integration Builder Framework in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. Root cause: insufficient validation of an XML document uploaded from a local source, allowing an attacker to craft a malicious XML that, when uploaded and parsed, c...
CVE-2021-27618
Summary: CVE-2021-27618 affects SAP Process Integration’s Integration Builder Framework (versions 7.10–7.50). The root cause is failure to validate the file type extension of files uploaded from a local source, enabling an attacker to craft a malicious file that could cause a denial of service an...
CVE-2021-27617
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
SAP Process Integration 代码问题漏洞
SAP Process Integration is middleware from SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems outside the company. A vulnerability exists in the Integration Builder Framework for SAP Process Integration versions 7.10, 7.11, 7.20, 7.30,...
CVE-2021-27599
SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Integration Builder Framework, versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted...
CVE-2021-27604
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Enterprise Service Repository JAVA Mappings, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note...
CVE-2020-26826
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file including script files without proper file format validation, leading to Unrestricted File Upload...
Unrestricted file upload
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file including script files without proper file format validation, leading to Unrestricted File Upload...
SAP Process Integration Information Disclosure Vulnerability
SAP Process Integration is SAP's Enterprise Application Integration EAI software for seamless integration between SAP and non-SAP applications in a company or with systems external to the company. An information disclosure vulnerability exists in SAP Process Integration 1.0. An attacker could...
CVE-2020-26814
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...
CVE-2020-26814
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...
Information disclosure
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...
CVE-2020-26814
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...