SAP

Netweaver Process Integration

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2019-0367

  • EPSS 0.17%
  • Veröffentlicht 08.10.2019 20:15:10
  • Zuletzt bearbeitet 21.11.2024 04:16:44

SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.

4.3

CVE-2019-0356

  • EPSS 0.2%
  • Veröffentlicht 10.09.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:16:44

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.

6.1

CVE-2019-0337

  • EPSS 0.25%
  • Veröffentlicht 14.08.2019 14:15:16
  • Zuletzt bearbeitet 21.11.2024 04:16:42

Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cr...

9

CVE-2019-0328

  • EPSS 1.09%
  • Veröffentlicht 10.07.2019 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:16:41

ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of th...

4.8

CVE-2019-0316

  • EPSS 0.2%
  • Veröffentlicht 14.06.2019 19:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:40

SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from t...

7.5

CVE-2019-0315

  • EPSS 0.28%
  • Veröffentlicht 12.06.2019 17:29:03
  • Zuletzt bearbeitet 21.11.2024 04:16:40

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30)...

5.3

CVE-2019-0312

  • EPSS 0.18%
  • Veröffentlicht 12.06.2019 17:29:03
  • Zuletzt bearbeitet 21.11.2024 04:16:40

Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape informa...

4.3

CVE-2019-0305

  • EPSS 0.16%
  • Veröffentlicht 12.06.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 04:16:39

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or...

4.3

CVE-2019-0278

  • EPSS 0.2%
  • Veröffentlicht 10.04.2019 21:29:01
  • Zuletzt bearbeitet 21.11.2024 04:16:37

Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application,...

7.1

CVE-2019-0283

  • EPSS 0.13%
  • Veröffentlicht 10.04.2019 21:29:01
  • Zuletzt bearbeitet 21.11.2024 04:16:38

SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adap...