Unrated severityNVD Advisory· Published Apr 10, 2019· Updated Aug 4, 2024

CVE-2019-0283

Description

SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.

Affected products

SAP/NetWeaver Process Integrationllm-fuzzy
Range: 7.10-7.11, 7.30, 7.31, 7.40, 7.50
SAP SE/SAP NetWeaver Process Integration (Adapter Engine)v5
Range: < from 7.10 to 7.11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

launchpad.support.sap.commitrex_refsource_CONFIRM
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000