Netweaver Process Integration@7.20 Security Vulnerabilities and Issues — Netweaver Process Integration@7.20 CVE List

Lucene search

SapNetweaver Process Integration7.20

8 matches found

CVE•added 2019/06/14 7:29 p.m.•310 views

CVE-2019-0316

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...

4.8CVSS4.9AI score0.00238EPSS

CVE•added 2021/05/11 3:15 p.m.•119 views

CVE-2021-27618

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of s...

4.9CVSS5AI score0.00209EPSS

CVE•added 2019/06/12 3:29 p.m.•81 views

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability....

4.3CVSS4.7AI score0.00162EPSS

CVE•added 2019/06/12 5:29 p.m.•73 views

CVE-2019-0312

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports or other technical da...

5.3CVSS5.3AI score0.00176EPSS

CVE•added 2019/06/12 5:29 p.m.•60 views

CVE-2019-0315

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in F...

7.5CVSS7.2AI score0.00281EPSS

CVE•added 2021/04/14 3:15 p.m.•47 views

CVE-2021-27604

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.

7.7CVSS6.4AI score0.00343EPSS

CVE•added 2021/05/11 3:15 p.m.•43 views

CVE-2021-27617

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-...

4.9CVSS5AI score0.00209EPSS

CVE•added 2019/04/10 9:29 p.m.•42 views

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

4.3CVSS4.3AI score0.00197EPSS