
CVSS: 9.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI), version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to:

* Read any information
* Modify sensitive information
* Launch Denial of Service (DoS) attacks
* Perform SQL Injection

• https://launchpad.support.sap.com/#/notes/3267780
• https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
• CWE-306: Missing Authentication for Critical Function
• CWE-862: Missing Authorization

CVSS: 4.9 • EPSS: 0% • CPEs: 7 • EXPL: 0

The Integration Builder Framework of SAP Process Integration, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from a local source. An attacker can craft a malicious XML document which, when uploaded and parsed by the application, could lead to denial-of-service conditions due to consumption of a large amount of system memory, thus highly impacting system availability.

• https://launchpad.support.sap.com/#/notes/3012021
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655

• CWE-20: Improper Input Validation

CVSS: 4.9 • EPSS: 0% • CPEs: 7 • EXPL: 0

The Integration Builder Framework of SAP Process Integration, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of a file uploaded from a local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the application.

• https://launchpad.support.sap.com/#/notes/3012021
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=576094655

• CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker, under certain conditions, to access information that would otherwise be restricted.

• https://launchpad.support.sap.com/#/notes/3012277
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

CVSS: 7.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

To prevent an XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends referring to this note.

• https://launchpad.support.sap.com/#/notes/3036436
• https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649

• CWE-611: Improper Restriction of XML External Entity Reference