Netweaver Process Integration Security Vulnerabilities and Issues — Netweaver Process Integration CVE List

Lucene search

SapNetweaver Process Integration

7 matches found

CVE•added 2019/06/14 7:29 p.m.•310 views

CVE-2019-0316

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by injecting malicious scrip...

4.8CVSS4.9AI score0.00238EPSS

CVE•added 2021/05/11 3:15 p.m.•119 views

CVE-2021-27618

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of s...

4.9CVSS5AI score0.00209EPSS

CVE•added 2019/06/12 3:29 p.m.•81 views

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability....

4.3CVSS4.7AI score0.00162EPSS

CVE•added 2019/09/10 5:15 p.m.•76 views

CVE-2019-0356

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.

4.3CVSS4.5AI score0.00197EPSS

CVE•added 2021/05/11 3:15 p.m.•43 views

CVE-2021-27617

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-...

4.9CVSS5AI score0.00209EPSS

CVE•added 2019/04/10 9:29 p.m.•42 views

CVE-2019-0278

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.

4.3CVSS4.3AI score0.00197EPSS

CVE•added 2019/10/08 8:15 p.m.•41 views

CVE-2019-0367

SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.

4.3CVSS4.6AI score0.00174EPSS