27 matches found
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27617
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
EUVD-2021-14364
Malware in sbrugna...
EUVD-2019-1152
Malware in sbrugna...
EUVD-2020-27455
Malware in sbrugna...
EUVD-2020-19350
Malware in sbrugna...
EUVD-2021-14365
Malware in sbrugna...
CVE-2020-6305
PI Rest Adapter of SAP Process Integration update provided in SAPXIAF 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
SAP Process Integration Privilege Permission and Access Control Issues Vulnerability
SAP Process Integration is middleware from SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems outside the company. A vulnerability exists in the Integration Builder Framework for SAP Process Integration versions 7.10, 7.11, 7.20, 7.30,...
SAP Process Integration Privilege Permission and Access Control Issues Vulnerability (CNVD-2021-36675)
SAP Process Integration is a middleware provided by SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems external to the company. A privilege permission and access control issue vulnerability exists in SAP Process Integration versions 7.10,...
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27617
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
Design/Logic Flaw
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...
Design/Logic Flaw
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...
SAP Process Integration Information Disclosure Vulnerability
SAP Process Integration is SAP's Enterprise Application Integration EAI software for seamless integration between SAP and non-SAP applications in a company or with systems external to the company. An information disclosure vulnerability exists in SAP Process Integration 1.0. An attacker could...
CVE-2020-26814
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...
Information disclosure
SAP Process Integration PGP Module - Business-to-Business Add On, version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure...