161 matches found
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
Authentication flaw
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
Authorization
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
CVE-2019-0379
CVE-2019-0379 affects SAP NetWeaver Process Integration (PI) – B2B Add-On versions 1.0 and 2.0. When the default security provider is switched to BouncyCastle (BC) , authentication checks are not performed properly, causing a Missing Authentication Check vulnerability. Public documents in the pro...
CVE-2019-0379
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...
CVE-2019-0367
SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...
CVE-2019-0367
CVE-2019-0367 affects SAP NetWeaver Process Integration (B2B Toolkit) prior to versions 1.0 and 2.0. The root cause is missing authorization checks for an authenticated user, enabling the import of B2B table content and leading to a Missing Authorization Check. Publicly available connected docume...
SAP NetWeaver Process Integration CVE-2019-0379 Authentication Bypass Vulnerability
Description SAP NetWeaver Process Integration is prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. SAP NetWeaver Process Integration version 1.0 and 2.0 are vulnerable. Technologies Affecte...
SAP NetWeaver Process Integration CVE-2019-0367 Remote Authorization Bypass Vulnerability
Description SAP NetWeaver Process Integration is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. SAP NetWeaver Process Integration versions 1.0 and 2.0 are vulnerable...
CVE-2019-0356
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...
CVE-2019-0356
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...
Authentication flaw
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...
CVE-2019-0356
CVE-2019-0356 affects SAP NetWeaver Process Integration XI Runtime Workbench (MESSAGING) and SAP_XIAF before versions 7.31, 7.40, 7.50. The issue enables an attacker to access information that should be restricted. Some sources attribute the vulnerability to configuration issues. Connected docume...
CVE-2019-0337
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...
CVE-2019-0337
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...
CVE-2019-0337
The CVE-2019-0337 entry concerns SAP NetWeaver Process Integration (Java Proxy Runtime) across versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs in the URL, enabling Reflected Cross-Site Scripting (XSS). The impact described is that an ...
SAP NetWeaver Process Integration Command Injection Vulnerability
SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...
CVE-2019-0328
ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...