CVE-2019-0315

HIGH

SAP NetWeaver Process Integration - Information Disclosure via PI Integration Builder Web UI

Title source: llm

Description

Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20, 7.30) allows an attacker to access passwords used in FTP channels leading to information disclosure.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2755438

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Scores

CVSS v3 7.5

EPSS 0.0028

EPSS Percentile 51.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published

Products (7)

sap/netweaver_process_integration 7.10

sap/netweaver_process_integration 7.11

sap/netweaver_process_integration 7.20

sap/netweaver_process_integration 7.30

sap/netweaver_process_integration 7.31

sap/netweaver_process_integration 7.40

sap/netweaver_process_integration 7.50

Published Jun 12, 2019

Tracked Since Feb 18, 2026