Lucene search
+L

161 matches found

NVD
NVD
added 2019/10/08 8:15 p.m.26 views

CVE-2019-0379

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

5.3CVSS5.5AI score0.00805EPSS
Exploits0References2
OSV
OSV
added 2019/10/08 8:15 p.m.6 views

CVE-2019-0379

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

5.3CVSS6.1AI score0.00805EPSS
Exploits0References2
NVD
NVD
added 2019/10/08 8:15 p.m.29 views

CVE-2019-0367

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

4.3CVSS4.6AI score0.0055EPSS
Exploits0References2
Prion
Prion
added 2019/10/08 8:15 p.m.17 views

Authentication flaw

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

5CVSS5.5AI score0.00805EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2019/10/08 8:15 p.m.19 views

Authorization

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

4CVSS4.7AI score0.0055EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/10/08 7:27 p.m.52 views

CVE-2019-0379

CVE-2019-0379 affects SAP NetWeaver Process Integration (PI) – B2B Add-On versions 1.0 and 2.0. When the default security provider is switched to BouncyCastle (BC) , authentication checks are not performed properly, causing a Missing Authentication Check vulnerability. Public documents in the pro...

5.3CVSS5.5AI score0.00805EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/10/08 7:27 p.m.30 views

CVE-2019-0379

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle BC, leading to Missing Authentication Check...

5.5AI score0.00805EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/10/08 7:16 p.m.32 views

CVE-2019-0367

SAP NetWeaver Process Integration B2B Toolkit, before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check...

4.7AI score0.0055EPSS
Exploits0References2
CVE
CVE
added 2019/10/08 7:16 p.m.60 views

CVE-2019-0367

CVE-2019-0367 affects SAP NetWeaver Process Integration (B2B Toolkit) prior to versions 1.0 and 2.0. The root cause is missing authorization checks for an authenticated user, enabling the import of B2B table content and leading to a Missing Authorization Check. Publicly available connected docume...

4.3CVSS4.6AI score0.0055EPSS
Exploits0References2Affected Software1
Symantec
Symantec
added 2019/10/08 12:0 a.m.74 views

SAP NetWeaver Process Integration CVE-2019-0379 Authentication Bypass Vulnerability

Description SAP NetWeaver Process Integration is prone to an authentication-bypass vulnerability. Remote attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access. SAP NetWeaver Process Integration version 1.0 and 2.0 are vulnerable. Technologies Affecte...

2.4AI score0.00805EPSS
Exploits0References2Affected Software1
Symantec
Symantec
added 2019/10/08 12:0 a.m.52 views

SAP NetWeaver Process Integration CVE-2019-0367 Remote Authorization Bypass Vulnerability

Description SAP NetWeaver Process Integration is prone to an authorization-bypass vulnerability. Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks. SAP NetWeaver Process Integration versions 1.0 and 2.0 are vulnerable...

1.4AI score0.0055EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/09/10 5:15 p.m.26 views

CVE-2019-0356

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...

4.3CVSS4.5AI score0.00704EPSS
Exploits0References2
OSV
OSV
added 2019/09/10 5:15 p.m.6 views

CVE-2019-0356

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...

4.3CVSS5.8AI score0.00704EPSS
Exploits0References2
Prion
Prion
added 2019/09/10 5:15 p.m.19 views

Authentication flaw

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAPXIAF before versions 7.31, 7.40, 7.50 allows an attacker to access information which would otherwise be restricted...

4CVSS4.6AI score0.00704EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/09/10 4:27 p.m.91 views

CVE-2019-0356

CVE-2019-0356 affects SAP NetWeaver Process Integration XI Runtime Workbench (MESSAGING) and SAP_XIAF before versions 7.31, 7.40, 7.50. The issue enables an attacker to access information that should be restricted. Some sources attribute the vulnerability to configuration issues. Connected docume...

4.3CVSS4.5AI score0.00704EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/08/14 2:15 p.m.5 views

CVE-2019-0337

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...

6.1CVSS5.9AI score0.00843EPSS
Exploits0References2
Cvelist
Cvelist
added 2019/08/14 1:47 p.m.26 views

CVE-2019-0337

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting XSS vulnerability...

6AI score0.00843EPSS
Exploits0References2
CVE
CVE
added 2019/08/14 1:47 p.m.66 views

CVE-2019-0337

The CVE-2019-0337 entry concerns SAP NetWeaver Process Integration (Java Proxy Runtime) across versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs in the URL, enabling Reflected Cross-Site Scripting (XSS). The impact described is that an ...

6.1CVSS6AI score0.00843EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2019/08/01 12:0 a.m.6 views

SAP NetWeaver Process Integration Command Injection Vulnerability

SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...

9CVSS7.6AI score0.03422EPSS
Exploits0References1
OSV
OSV
added 2019/07/10 8:15 p.m.5 views

CVE-2019-0328

ABAP Tests Modules SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5 of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system...

7.2CVSS7.2AI score0.03422EPSS
Exploits0References3
Rows per page
Query Builder