Vulnerabilities > SAP > Netweaver Process Integration > High

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-41272 Missing Authorization vulnerability in SAP Netweaver Process Integration 7.50
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system.
network
low complexity
sap CWE-862
8.6
2019-07-10 CVE-2019-0328 OS Command Injection vulnerability in SAP Netweaver Process Integration
ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the execution of OS commands with privileged rights.
network
low complexity
sap CWE-78
7.2
2019-06-12 CVE-2019-0315 Unspecified vulnerability in SAP Netweaver Process Integration
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure.
network
low complexity
sap
7.5
2019-04-10 CVE-2019-0283 Authentication Bypass by Spoofing vulnerability in SAP Netweaver Process Integration
SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing.
network
low complexity
sap CWE-290
7.1