Sap Se Sap Process Integration vulnerabilities

5 known vulnerabilities affecting sap_se/sap_process_integration.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

MEDIUM5

Vulnerabilities

Page 1 of 1

CVE-2021-27617MEDIUMCVSS 4.9fixed in 7.10fixed in 7.11+5 more2021-05-11

CVE-2021-27617 [MEDIUM] CWE-20 CVE-2021-27617: The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31 The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document uploaded from local source. An attacker can craft a malicious XML which when uploaded and parsed by the application, could lead to Denial-of-service conditions due to consumption of a large a

CVE-2021-27618MEDIUMCVSS 4.9fixed in 7.10fixed in 7.11+5 more2021-05-11

CVE-2021-27618 [MEDIUM] CWE-434 CVE-2021-27618: The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31 The Integration Builder Framework of SAP Process Integration versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not check the file type extension of the file uploaded from local source. An attacker could craft a malicious file and upload it to the application, which could lead to denial of service and impact the availability of the applicatio

CVE-2021-27599MEDIUMCVSS 6.5fixed in 7.10fixed in 7.30+3 more2021-04-14

CVE-2021-27599 [MEDIUM] CVE-2021-27599: SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), v SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Integration Builder Framework), versions - 7.10, 7.30, 7.31, 7.40, 7.50, allows an attacker to access information under certain conditions, which would otherwise be restricted.

CVE-2021-27604MEDIUMCVSS 6.5fixed in 7.10fixed in 7.20+4 more2021-04-14

CVE-2021-27604 [MEDIUM] CWE-611 CVE-2021-27604: In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.

CVE-2020-26814MEDIUMCVSS 4.9fixed in 1.02020-11-10

CVE-2020-26814 [MEDIUM] CVE-2020-26814: SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacke SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure.