Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sap netweaver process integration 7.50 vulnerabilities and exploits
(subscribe to this query)
4.9
CVSSv3
CVE-2021-27617
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, co...
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.50
Sap Netweaver Process Integration 7.20
4.9
CVSSv3
CVE-2021-27618
The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could ...
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.20
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.50
4.3
CVSSv3
CVE-2019-0278
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an malicious user to see the names of database tables used by the application, leading to information ...
Sap Netweaver Process Integration 7.11
Sap Netweaver Process Integration 7.30
Sap Netweaver Process Integration 7.31
Sap Netweaver Process Integration 7.40
Sap Netweaver Process Integration 7.10
Sap Netweaver Process Integration 7.50
Sap Netweaver Process Integration 7.20
6.5
CVSSv3
CVE-2023-35873
The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configur...
Sap Netweaver Process Integration 7.50
9.4
CVSSv3
CVE-2022-41271
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations....
Sap Netweaver Process Integration 7.50
8.6
CVSSv3
CVE-2022-41272
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to per...
Sap Netweaver Process Integration 7.50
1 Github repository
6.5
CVSSv3
CVE-2023-35872
The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configu...
Sap Netweaver Process Integration 7.50
6.1
CVSSv3
CVE-2023-37488
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidential...
Sap Netweaver Process Integration 7.50
6.5
CVSSv3
CVE-2020-26826
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an malicious user to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
NA
CVE-2024-28163
Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an malicious user to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the app...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2