Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-0283

Опубликовано: 10 апр. 2019
Источник: nvd
CVSS3: 7.1
CVSS2: 5.5
EPSS Низкий

Описание

SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_process_integration:7.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_process_integration:7.50:*:*:*:*:*:*:*

EPSS

Процентиль: 32%
0.00126
Низкий

7.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-290

Связанные уязвимости

github логотип

GHSA-498x-38mj-f75g

CVSS3: 7.1
github
больше 3 лет назад

SAP NetWeaver Process Integration (Adapter Engine), fixed in versions 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; is vulnerable to Digital Signature Spoofing. It is possible to spoof XML signatures and send arbitrary requests to the server via PI Axis adapter. These requests will be accepted by the PI Axis adapter even if the payload has been altered, especially when the signed element is the body of the xml document.

fstec логотип

BDU:2019-04857

CVSS3: 7.1
fstec
почти 7 лет назад

Уязвимость программного обеспечения для интеграции корпоративных приложений SAP NetWeaver Process Integration, связанная с недостатками контроля доступа, позволяющая нарушителю отправлять произвольные запросы на сервер через адаптер PI Axis

EPSS

Процентиль: 32%
0.00126
Низкий

7.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-290