EUVD-2022-44481

Malicious code in bioql PyPI...

CVE-2019-0328

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

CVE-2019-0315

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration versions: SAPXIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAPXITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAPXIPCK 7.10 to 7.11, 7.20, 7.30 allows an attacker to access passwords used in FTP...

CVE-2019-0367

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

SAP NetWeaver Process Integration 信息泄露漏洞

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...

CVE-2023-37488 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Process Integration

In SAP NetWeaver Process Integration - versions SAPXIESR 7.50, SAPXITOOL 7.50, SAPXIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting XSS attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of t...

SAP NetWeaver 跨站脚本漏洞

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform. The platform mainly for SAP applications to provide development and runtime environment. A cross-site scripting vulnerability exists in SAP NetWeaver Process Integration that stems from...

The vulnerability of the Runtime Workbench component of the SAP NetWeaver Process Integration software, which allows attackers to compromise the confidentiality and accessibility of protected information.

The vulnerability of the Runtime Workbench RWB component of the SAP NetWeaver Process Integration software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to compromise the confidentiality and accessibility of protected information...

The vulnerability of the The Message Display Tool (MDT) software component, used for integrating corporate applications in SAP NetWeaver Process Integration, allows a perpetrator to disclose protected information.

The vulnerability of the The Message Display Tool MDT software component, used for integrating corporate applications in SAP NetWeaver Process Integration, is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

CVE-2023-35873

The Runtime Workbench RWB of SAP NetWeaver Process Integration - version SAPXITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

Design/Logic Flaw

The Message Display Tool MDT of SAP NetWeaver Process Integration - version SAPXIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The...

SAP NetWeaver Process Integration 访问控制错误漏洞

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An access control error...

SAP NetWeaver AS Java Multiple Vulnerabilities (April 2023)

SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to...

CVE-2022-41271

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration PI - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability...

PT-2022-25780 · Sap · Sap Netweaver Process Integration

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration PI version 7.50 Description: The issue allows an unauthenticated user to attach to an open interface exposed through JNDI by the Messaging System, making use of an open naming and directory API to access...

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications lies in insufficient encoding of user-input data, allowing attackers to execute malicious scripts.

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications is related to insufficient encoding of user-input data. Exploiting this vulnerability allows a malicious actor to execute malicious scripts remotely...

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications, related to authentication errors, allows attackers to increase their privileges.

The vulnerability of the software for integrating SAP NetWeaver Process Integration corporate applications is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications, related to access control deficiencies, allows a perpetrator to send arbitrary requests to the server through the PI Axis adapter.

The vulnerability of the software for integrating SAP NetWeaver Process Integration corporate applications is related to lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to send arbitrary requests to the server through the PI Axis adapter...

SAP NetWeaver Process Integration Information Disclosure Vulnerability (CNVD-2020-04285)

SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between the internal system and the external. An information disclosure...

SAP NetWeaver Process Integration CVE-2019-0367 Remote Authorization Bypass Vulnerability

Description SAP NetWeaver Process Integration is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. SAP NetWeaver Process Integration versions 1.0 and 2.0 are vulnerable...