VYPR

Sap Netweaver Process Integration (message Display Tool)

by SAP

CVEs (4)

  • CVE-2023-37488Aug 8, 2023
    risk 0.00cvss epss 0.00

    In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on…

  • CVE-2023-35872Jul 11, 2023
    risk 0.00cvss epss 0.00

    The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its…

  • CVE-2022-41272Dec 13, 2022
    risk 0.00cvss epss 0.01

    An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to…

  • CVE-2022-41271Dec 13, 2022
    risk 0.00cvss epss 0.01

    An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized…