Vulnerabilities > SAP > Process Integration

DATE CVE VULNERABILITY TITLE RISK
2020-01-14 CVE-2020-6305 Cross-site Scripting vulnerability in SAP Process Integration 7.31/7.40/7.50
PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
network
sap CWE-79
4.3
4.3
2019-10-08 CVE-2019-0379 Insufficient Verification of Data Authenticity vulnerability in SAP Process Integration 1.0/2.0
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check
network
low complexity
sap CWE-345
5.0
5.0