JNDI Vulnerability in SAP NetWeaver Process Integration Exposing Unauthorized Access
CVE-2022-41271
9.4CRITICAL
What is CVE-2022-41271?
An unauthenticated user can exploit an open interface through JNDI in SAP NetWeaver Process Integration (PI) 7.50, enabling unauthorized access to critical services. This can lead to significant breaches of confidentiality as sensitive information may be read or modified. Additionally, attackers could perform Denial of Service (DoS) attacks and execute SQL injection, impacting the availability of the application while posing limited risks to its integrity.
Affected Version(s)
NetWeaver Process Integration 7.50