151 matches found
CVE-2020-26814
SAP Process Integration (PGP Module – Business-to-Business Add-On), version 1.0, contains an information-disclosure vulnerability that allows an attacker to read PGP Keys under certain conditions, which can then be used to read messages processed by the module. Root cause and exact exploitation d...
SAP Process Integration PI Rest Adapter Cross-Site Scripting Vulnerability
SAP Process Integration is a middleware provided by SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems external to the company. A cross-site scripting vulnerability exists in SAP Process Integration PI Rest Adapter. The vulnerability stem...
CVE-2020-6305
PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Cross site scripting
PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-6305
PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2020-6305
The vulnerability is in SAP Process Integration PI Rest Adapter and is caused by insufficient encoding of user‑controlled inputs, leading to Cross‑Site Scripting (XSS). Affected versions identified in public disclosures include SAP PI/NetWeaver Process Integration updates for 7.31, 7.40, and 7.50...
SAP NetWeaver Process Integration CVE-2020-6305 Cross Site Scripting Vulnerability
Description SAP NetWeaver Process Integration is prone to an cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2020-04285)
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...
SAP NetWeaver Process Integration Data Forgery Issue Vulnerability
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. A vulnerability exists in SAP...
Unspecified Vulnerability in SAP NetWeaver Process Integration
SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An unspecified vulnerability...
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
Authentication flaw
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
Authorization
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
CVE-2019-0379
CVE-2019-0379 affects SAP NetWeaver Process Integration (PI) – B2B Add-On versions 1.0 and 2.0. When the default security provider is switched to BouncyCastle (BC) , authentication checks are not performed properly, causing a Missing Authentication Check vulnerability. Public documents in the pro...
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2019-0367
CVE-2019-0367 affects SAP NetWeaver Process Integration (B2B Toolkit) prior to versions 1.0 and 2.0. The root cause is missing authorization checks for an authenticated user, enabling the import of B2B table content and leading to a Missing Authorization Check. Publicly available connected docume...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
SAP NetWeaver Process Integration CVE-2019-0367 Remote Authorization Bypass Vulnerability
Description SAP NetWeaver Process Integration is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. SAP NetWeaver Process Integration versions 1.0 and 2.0 are vulnerable...