SAP Process Integration Privilege Permission and Access Control Issues Vulnerability

SAP Process Integration is middleware from SAP Germany that enables SAP to seamlessly integrate with non-SAP applications in the company or with systems outside the company. A vulnerability exists in the Integration Builder Framework for SAP Process Integration versions 7.10, 7.11, 7.20, 7.30,...

CVE-2021-27618

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...

CVE-2021-27618

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of...

CVE-2021-27617

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...

Design/Logic Flaw

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to...

CVE-2021-27618

Summary: CVE-2021-27618 affects SAP Process Integration’s Integration Builder Framework (versions 7.10–7.50). The root cause is failure to validate the file type extension of files uploaded from a local source, enabling an attacker to craft a malicious file that could cause a denial of service an...

CVE-2021-27599

SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Integration Builder Framework, versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted...