PT-2022-25780 · SAP · SAP NetWeaver Process Integration

Published: 2022-12-13 · Updated: 2022-12-15 · CVE-2022-41271

CVSS v3.1: 9.4 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Process Integration (PI) version 7.50
Description: The issue allows an unauthenticated user to attach to an open interface that the Messaging System exposes through JNDI, using the open naming and directory API to reach services that can perform unauthorized operations. This affects local users and data, with a considerable impact on confidentiality and availability and a limited impact on the integrity of the application. The unauthorized operations can be used to read any information, modify sensitive information, conduct Denial of Service attacks, and perform SQL Injection.
Recommendations: For SAP NetWeaver Process Integration (PI) version 7.50, restrict access to the open interface exposed through JNDI to minimize the risk of exploitation. As a temporary workaround, limit the use of the open naming and directory API until a patch is available, and avoid using the vulnerable API for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authentication

Missing Authorization

SQL injection

Related Identifiers

CVE-2022-41271

Affected Products

SAP NetWeaver Process Integration