Vulnerabilities > SAP > Netweaver Process Integration

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-37488 Cross-site Scripting vulnerability in SAP Netweaver Process Integration 7.50
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack.
network
low complexity
sap CWE-79
6.1
2023-07-11 CVE-2023-35872 Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap CWE-306
6.5
2023-07-11 CVE-2023-35873 Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap CWE-306
6.5
2022-12-13 CVE-2022-41272 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system.
network
low complexity
sap CWE-862
8.6
2022-12-13 CVE-2022-41271 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50.
network
low complexity
sap CWE-862
critical
9.4
2021-05-11 CVE-2021-27617 Improper Input Validation vulnerability in SAP Netweaver Process Integration
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source.
network
low complexity
sap CWE-20
4.9
2021-05-11 CVE-2021-27618 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source.
network
low complexity
sap CWE-434
4.9
2021-04-14 CVE-2021-27604 XXE vulnerability in SAP Netweaver Process Integration
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.
network
low complexity
sap CWE-611
6.5
2021-04-14 CVE-2021-27599 Unspecified vulnerability in SAP Netweaver Process Integration
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.
network
low complexity
sap
6.5
2019-10-08 CVE-2019-0367 Missing Authorization vulnerability in SAP Netweaver Process Integration 1.0/2.0
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
network
low complexity
sap CWE-862
4.3