SAP Manufacturing Integration Intelligence
By the Year
In 2024 there have been 0 vulnerabilities in SAP Manufacturing Integration Intelligence . Manufacturing Integration Intelligence did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.80 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Manufacturing Integration Intelligence vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Manufacturing Integration Intelligence Security Vulnerabilities
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment)
CVE-2021-21480
8.8 - High
- March 09, 2021
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward to server. When this dashboard is opened by users having at least SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating systems commands completely compromising the server hosting the application.
Code Injection
SAP Manufacturing Integration and Intelligence
CVE-2019-0267
8.8 - High
- February 15, 2019
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.
Session Riding
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Manufacturing Integration Intelligence or by SAP? Click the Watch button to subscribe.
