21 matches found
CVE-2019-0316
CVE-2019-0316 affects SAP NetWeaver Process Integration. The vulnerability arises from insufficient validation of user-controlled inputs in specific servlets, enabling a reflected Cross-Site Scripting (XSS) attack. An attacker with admin privileges can inject malicious scripts that are executed i...
CVE-2019-0328
CVE-2019-0328 affects SAP NetWeaver Process Integration’s ABAP Tests Modules across SAP Basis versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5. The root cause is improper handling when constructing external OS commands from input data, allowing an attacker to execute OS commands with privileged rights. Con...
CVE-2021-27618
Summary: CVE-2021-27618 affects SAP Process Integration’s Integration Builder Framework (versions 7.10–7.50). The root cause is failure to validate the file type extension of files uploaded from a local source, enabling an attacker to craft a malicious file that could cause a denial of service an...
CVE-2019-0305
The CVE-2019-0305 entry describes a Clickjacking vulnerability in SAP NetWeaver Process Integration JSPs (SAP_XIESR and SAP_XITOOL versions 7.10–7.11, 7.20, 7.30, 7.31, 7.40, 7.50) where frame UI restrictions are insufficient or incorrect, allowing UI elements from other domains to be overlaid. T...
CVE-2019-0356
CVE-2019-0356 affects SAP NetWeaver Process Integration XI Runtime Workbench (MESSAGING) and SAP_XIAF before versions 7.31, 7.40, 7.50. The issue enables an attacker to access information that should be restricted. Some sources attribute the vulnerability to configuration issues. Connected docume...
CVE-2019-0312
CVE-2019-0312 affects SAP NetWeaver Process Integration (PI). The vulnerability arises because several PI pages (SAP_XIESR 7.10–7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL 7.10–7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information such as h...
CVE-2022-41271
CVE-2022-41271 affects SAP NetWeaver Process Integration (PI) 7.50. An unauthenticated attacker can attach to an open interface exposed via JNDI and use an open naming/directory API to access services that can perform unauthorized operations. Impact per sources includes confidentiality and availa...
CVE-2019-0315
CVE-2019-0315 affects SAP NetWeaver Process Integration’s PI Integration Builder Web UI. Affected components/versions: SAP_XIESR (7.10–7.11, 7.20, 7.30, 7.31, 7.40, 7.50), SAP_XITOOL (7.10–7.11, 7.30, 7.31, 7.40, 7.50), and SAP_XIPCK (7.10–7.11, 7.20, 7.30). Under certain conditions, an attacker ...
CVE-2023-37488
Summary: CVE-2023-37488 affects SAP NetWeaver Process Integration components (SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50). The issue is a Cross-Site Scripting (XSS) vulnerability stemming from user-controlled inputs that are not sufficiently encoded, with limited impact to confidentiality and...
CVE-2022-41272
SAP NetWeaver Process Integration (PI) 7.50 is affected by CVE-2022-41272. An unauthenticated attacker can connect to open interfaces exposed via JNDI in the UDS feature and use open naming/directory APIs to access services, enabling full read access to user data, limited modifications, and syste...
CVE-2023-35873
SAP NetWeaver Process Integration Runtime Workbench (RWB) on SAP_XITOOL 7.50 reportedly fails to enforce authentication for certain user-identity–dependent functions, potentially allowing an unauthenticated user to view technical data about product status and configuration. The entry notes no acc...
CVE-2019-0337
The CVE-2019-0337 entry concerns SAP NetWeaver Process Integration (Java Proxy Runtime) across versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50. The root cause is insufficient encoding of user-controlled inputs in the URL, enabling Reflected Cross-Site Scripting (XSS). The impact described is that an ...
CVE-2024-28163
CVE-2024-28163 affects SAP NetWeaver Process Integration (PI) 7.50 where the Support Web Pages could reveal restricted information, resulting in low confidentiality impact with no integrity/availability impact. The issue is documented across multiple feeds (NVD, Red Hat, CNVD, CVE listing, etc.) ...
CVE-2021-27604
CVE-2021-27604 affects SAP NetWeaver ABAP Server and ABAP Platform (Process Integration – Enterprise Service Repository JAVA Mappings) across versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50. Root cause indicated as XML External Entity (XXE) vulnerability. Impact details in sources show partial confid...
CVE-2023-35872
CVE-2023-35872 affects SAP NetWeaver Process Integration (MDT component) with version SAP_XIAF 7.50. The issue is a missing authentication check for certain MDT functionalities that require user identity, potentially allowing an unauthenticated user to access technical data about product status a...
CVE-2019-0367
CVE-2019-0367 affects SAP NetWeaver Process Integration (B2B Toolkit) prior to versions 1.0 and 2.0. The root cause is missing authorization checks for an authenticated user, enabling the import of B2B table content and leading to a Missing Authorization Check. Publicly available connected docume...
CVE-2021-27617
CVE-2021-27617 affects SAP Process Integration’s Integration Builder Framework in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. Root cause: insufficient validation of an XML document uploaded from a local source, allowing an attacker to craft a malicious XML that, when uploaded and parsed, c...
CVE-2019-0278
The CVE-2019-0278 entry relates to SAP NetWeaver Process Integration’s Monitoring Servlet, where under certain conditions an attacker can view the names of database tables used by the application, leading to information disclosure. Affected versions include 7.10–7.11, 7.20, 7.30, 7.31, 7.40, and ...
CVE-2019-0282
The CVE-2019-0282 case concerns SAP NetWeaver Process Integration (Runtime Workbench) information disclosure. Multiple sources confirm that several pages can be accessed without user authentication, exposing internal data such as release information, Java package names, and Java object names. The...
CVE-2019-0283
CVE-2019-0283 affects SAP NetWeaver Process Integration (Adapter Engine). The issue is a Digital Signature Spoofing vulnerability that allows spoofed XML signatures to be accepted by the PI Axis adapter, enabling arbitrary requests to be processed even when the payload is altered, particularly wh...
CVE-2021-27599
Technical details for CVE-2021-27599 are not publicly provided in the supplied documents. Monitor for updates from SAP and CVE databases; no specifics on affected versions, impact, or remediation are included.