13 results (0.008 seconds)

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability. Integration Builder Framework de SAP Process Integration versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba suficientemente un documento XML cargado desde una fuente local. Un atacante puede crear un XML malicioso que, cuando la aplicación lo carga y lo analiza, podría conllevar a condiciones de Denegación de Servicio debido al consumo de una gran cantidad de memoria del sistema, impactando altamente la disponibilidad del sistema • https://launchpad.support.sap.com/#/notes/3012021 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 • CWE-20: Improper Input Validation •

CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 0

The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application. Integration Builder Framework de SAP Process Integration versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, no comprueba la extensión del tipo de archivo del archivo cargado desde la fuente local. Un atacante podría crear un archivo malicioso y cargarlo en la aplicación, lo que podría conllevar a la denegación de servicio y afectar la disponibilidad de la aplicación • https://launchpad.support.sap.com/#/notes/3012021 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted. SAP NetWeaver ABAP Server y ABAP Platform (Process Integration - Integration Builder Framework), versiones - 7.10, 7.30, 7.31, 7.40, 7.50, permiten que un atacante acceda a información bajo determinadas condiciones, que de otro modo estarían restringidas • https://launchpad.support.sap.com/#/notes/3012277 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 •

CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note. A fin de impedir una vulnerabilidad de XML External Entity en SAP NetWeaver ABAP Server y ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versiones - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recomienda consultar esta nota • https://launchpad.support.sap.com/#/notes/3036436 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted. Bajo ciertas condiciones, SAP NetWeaver Process Integration Runtime Workbench - MESSAGING y SAP_XIAF (anterior a las versiones 7.31, 7.40, 7.50) permiten que un atacante acceda a información que de otro modo estaría restringida. • https://launchpad.support.sap.com/#/notes/2802521 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=525962506 •