Sap Netweaver_process_integration
21 CVEs affecting Sap Netweaver_process_integration. Latest disclosed: 2024-03-12. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-41272 | Critical | 9.9 | 2022-12-13 | An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Int… |
CVE-2022-41271 | Critical | 9.4 | 2022-12-13 | An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50… |
CVE-2019-0315 | High | 7.5 | 2019-06-12 | Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.5… |
CVE-2019-0328 | High | 7.2 | 2019-07-10 | ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands wi… |
CVE-2019-0283 | High | 7.1 | 2019-04-10 | SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is… |
CVE-2023-35873 | Medium | 6.5 | 2023-07-11 | The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities… |
CVE-2023-35872 | Medium | 6.5 | 2023-07-11 | The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities… |
CVE-2021-27604 | Medium | 6.5 | 2021-04-14 | In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA… |
CVE-2021-27599 | Medium | 6.5 | 2021-04-14 | SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker… |
CVE-2023-37488 | Medium | 6.1 | 2023-08-08 | In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could resu… |
CVE-2019-0337 | Medium | 6.1 | 2019-08-14 | Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and a… |
CVE-2024-28163 | Medium | 5.3 | 2024-03-12 | Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would oth… |
CVE-2019-0312 | Medium | 5.3 | 2019-06-12 | Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.3… |
CVE-2019-0282 | Medium | 5.3 | 2019-04-10 | Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without use… |
CVE-2021-27618 | Medium | 4.9 | 2021-05-11 | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the… |
CVE-2021-27617 | Medium | 4.9 | 2021-05-11 | The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML documen… |
CVE-2019-0316 | Medium | 4.8 | 2019-06-14 | SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled… |
CVE-2019-0367 | Medium | 4.3 | 2019-10-08 | SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowi… |
CVE-2019-0356 | Medium | 4.3 | 2019-09-10 | Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to… |
CVE-2019-0305 | Medium | 4.3 | 2019-06-12 | Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restri… |