Skip to main content

Process Integration

2 CVEs product

Monthly

CVE-2020-6305 MEDIUM This Month

PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Process Integration
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2019-0379 MEDIUM This Month

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Process Integration
NVD
CVSS 3.1
5.3
EPSS
0.8%
EPSS 1% CVSS 6.1
MEDIUM This Month

PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS SAP Process Integration
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SAP Process Integration
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy