Sap Netweaver Process Integration — known CVE vulnerabilities
Every CVE whose affected-product data names Sap Netweaver Process Integration, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (21)
CVE-2022-41272 — CVSS 9.9 (critical): An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP…
CVE-2022-41271 — CVSS 9.4 (critical): An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration…
CVE-2019-0315 — CVSS 7.5 (high): Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20…
CVE-2019-0328 — CVSS 7.2 (high): ABAP Tests Modules (SAP Basis, versions 7.0, 7.1, 7.3, 7.31, 7.4, 7.5) of SAP NetWeaver Process Integration enables an attacker the…
CVE-2019-0283 — CVSS 7.1 (high): SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital…
CVE-2023-35872 — CVSS 6.5 (medium): The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for…
CVE-2023-35873 — CVSS 6.5 (medium): The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for…
CVE-2021-27599 — CVSS 6.5 (medium): SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50…
CVE-2021-27604 — CVSS 6.5 (medium): In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise…
CVE-2023-37488 — CVSS 6.1 (medium): In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently…
CVE-2019-0337 — CVSS 6.1 (medium): Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode…
CVE-2024-28163 — CVSS 5.3 (medium): Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access…
CVE-2019-0312 — CVSS 5.3 (medium): Several web pages provided SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and…
CVE-2019-0282 — CVSS 5.3 (medium): Several web pages in SAP NetWeaver Process Integration (Runtime Workbench), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; can be…
CVE-2021-27618 — CVSS 4.9 (medium): The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file…
CVE-2021-27617 — CVSS 4.9 (medium): The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently…
CVE-2019-0316 — CVSS 4.8 (medium): SAP NetWeaver Process Integration, versions: SAP_XIESR: 7.20, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently…
CVE-2019-0367 — CVSS 4.3 (medium): SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an…
CVE-2019-0305 — CVSS 4.3 (medium): Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40…
CVE-2019-0356 — CVSS 4.3 (medium): Under certain conditions SAP NetWeaver Process Integration Runtime Workbench – MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50)…
CVE-2019-0278 — CVSS 4.3 (medium): Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to…