Vulnerabilities > CVE-2022-41271 - Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50

047910
CVSS 9.4 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
LOW
Availability impact
HIGH
network
low complexity
sap
CWE-862
critical

Summary

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection

Vulnerable Configurations

Part Description Count
Application
Sap
1

Common Weakness Enumeration (CWE)