Vulnerabilities > CVE-2019-0315 - Unspecified vulnerability in SAP Netweaver Process Integration

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2019-06-12

Updated: 2020-08-24

Summary

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Process Integration 7.10 SAP Netweaver Process Integration 7.11 SAP Netweaver Process Integration 7.30 SAP Netweaver Process Integration 7.31 SAP Netweaver Process Integration 7.40 SAP Netweaver Process Integration 7.50 SAP Netweaver Process Integration 7.20	7

Summary

Vulnerable Configurations

References