Vulnerabilities > CVE-2022-41271 - Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50

CVSS 9.4 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

LOW

Availability impact

HIGH

network

low complexity

sap

CWE-862

critical

NVD

Published: 2022-12-13

Updated: 2023-11-07

Summary

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Netweaver Process Integration 7.50	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References