Unrated severity · NVD Advisory · Published Sep 14, 2021 · Updated Aug 4, 2024
CVE-2021-37531
Description
SAP NetWeaver Knowledge Management XML Forms versions 7.10, 7.11, 7.30, 7.31, 7.40, and 7.50 contain an XSLT vulnerability that allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location accessible to the system, and then create a file that triggers the XSLT engine to execute the script contained in the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.
Affected products
- Range: >=7.10, <=7.50
- SAP SE/SAP NetWeaver Knowledge Management XML Forms, v5, Range: < 7.10
References
- packetstormsecurity.com/files/165751/SAP-Enterprise-Portal-XSLT-Injection.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2022/Jan/75 (mitre, mailing-list, x_refsource_FULLDISC)
- launchpad.support.sap.com (mitre, x_refsource_MISC)
- wiki.scn.sap.com/wiki/pages/viewpage.action (mitre, x_refsource_MISC)