NetWeaver Process Integration

CVEs (16)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-28163	SAP NetWeaver Process Integration	—	0.00	Mar 12, 2024	Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the…
CVE-2023-37488	SAP Sap Netweaver Process Integration (message Display Tool)	—	0.00	Aug 8, 2023	In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on…
CVE-2023-35873	SAP NetWeaver Process Integration	—	0.00	Jul 11, 2023	The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its…
CVE-2023-35872	SAP Sap Netweaver Process Integration (message Display Tool)	—	0.00	Jul 11, 2023	The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its…
CVE-2022-41272	SAP Sap Netweaver Process Integration (message Display Tool)	—	0.01	Dec 13, 2022	An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to…
CVE-2022-41271	SAP Sap Netweaver Process Integration (message Display Tool)	—	0.01	Dec 13, 2022	An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized…
CVE-2019-0367	SAP NetWeaver Process Integration	—	0.00	Oct 8, 2019	SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
CVE-2019-0337	SAP NetWeaver Process Integration	—	0.00	Aug 14, 2019	Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS)…
CVE-2019-0328	SAP NetWeaver Process Integration	—	0.01	Jul 10, 2019	ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.
CVE-2019-0316	SAP NetWeaver Process Integration	—	0.00	Jun 14, 2019	SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by…
CVE-2019-0312	SAP NetWeaver Process Integration	—	0.00	Jun 12, 2019	Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports…
CVE-2019-0315	SAP NetWeaver Process Integration	—	0.00	Jun 12, 2019	Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access…
CVE-2019-0305	SAP NetWeaver Process Integration	—	0.00	Jun 12, 2019	Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in…
CVE-2019-0283	SAP NetWeaver Process Integration	—	0.00	Apr 10, 2019	SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be…
CVE-2019-0282	SAP NetWeaver Process Integration	—	0.00	Apr 10, 2019	Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which…
CVE-2019-0278	SAP NetWeaver Process Integration	—	0.00	Apr 10, 2019	Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information…

CVE-2024-28163Mar 12, 2024
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the…
CVE-2023-37488Aug 8, 2023
SAP
Sap Netweaver Process Integration (message Display Tool)
risk 0.00cvss —epss 0.00
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on…
CVE-2023-35873Jul 11, 2023
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its…
CVE-2023-35872Jul 11, 2023
SAP
Sap Netweaver Process Integration (message Display Tool)
risk 0.00cvss —epss 0.00
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its…
CVE-2022-41272Dec 13, 2022
SAP
Sap Netweaver Process Integration (message Display Tool)
risk 0.00cvss —epss 0.01
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to…
CVE-2022-41271Dec 13, 2022
SAP
Sap Netweaver Process Integration (message Display Tool)
risk 0.00cvss —epss 0.01
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized…
CVE-2019-0367Oct 8, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
CVE-2019-0337Aug 14, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the url thereby resulting in Reflected Cross-Site Scripting (XSS)…
CVE-2019-0328Jul 10, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.01
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights. An attacker could thereby impact the integrity and availability of the system.
CVE-2019-0316Jun 14, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate user-controlled inputs, which allows an attacker possessing admin privileges to read and modify data from the victim’s browser, by…
CVE-2019-0312Jun 12, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape information like host names, ports…
CVE-2019-0315Jun 12, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access…
CVE-2019-0305Jun 12, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in…
CVE-2019-0283Apr 10, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be…
CVE-2019-0282Apr 10, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be accessed without user authentication, which might expose internal data like release information, Java package and Java object names which…
CVE-2019-0278Apr 10, 2019
SAP
NetWeaver Process Integration
risk 0.00cvss —epss 0.00
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information…