Vulnerabilities > SAP > Netweaver Process Integration > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-08-08 CVE-2023-37488 Cross-site Scripting vulnerability in SAP Netweaver Process Integration 7.50
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in a Cross-Site Scripting (XSS) attack.
network
low complexity
sap CWE-79
6.1
2023-07-11 CVE-2023-35872 Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap CWE-306
6.5
2023-07-11 CVE-2023-35873 Missing Authentication for Critical Function vulnerability in SAP Netweaver Process Integration 7.50
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity.
network
low complexity
sap CWE-306
6.5
2021-05-11 CVE-2021-27617 Resource Exhaustion vulnerability in SAP Netweaver Process Integration
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source.
network
low complexity
sap CWE-400
4.0
2021-05-11 CVE-2021-27618 Unrestricted Upload of File with Dangerous Type vulnerability in SAP Netweaver Process Integration
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source.
network
low complexity
sap CWE-434
4.0
2021-04-14 CVE-2021-27604 XXE vulnerability in SAP Netweaver Process Integration
In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends referring to this note.
network
low complexity
sap CWE-611
4.0
2021-04-14 CVE-2021-27599 Information Exposure vulnerability in SAP Netweaver Process Integration
SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.
network
low complexity
sap CWE-200
4.0
2019-10-08 CVE-2019-0367 Missing Authorization vulnerability in SAP Netweaver Process Integration 1.0/2.0
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
network
low complexity
sap CWE-862
4.0
2019-09-10 CVE-2019-0356 Unspecified vulnerability in SAP Netweaver Process Integration 7.31/7.40/7.50
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap
4.0
2019-08-14 CVE-2019-0337 Cross-site Scripting vulnerability in SAP Netweaver Process Integration
Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in a Reflected Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3