VYPR

NetWeaver Knowledge Management XMLEditor

by SAP

CVEs (6)

  • CVE-2024-34685 (Jul 9, 2024)
    risk 0.00 | cvss | epss 0.00

    Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor, malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the…

  • CVE-2021-37531 (Sep 14, 2021)
    risk 0.00 | cvss | epss 0.03

    SAP NetWeaver Knowledge Management XML Forms, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a…

  • CVE-2021-33707 (Aug 10, 2021)
    risk 0.00 | cvss | epss 0.02

    SAP NetWeaver Knowledge Management allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via a URL stored in a component. This could enable the attacker to compromise the user's confidentiality and integrity.

  • CVE-2020-6326 (Sep 9, 2020)
    risk 0.00 | cvss | epss 0.01

    SAP NetWeaver (Knowledge Management), versions 7.30, 7.31, 7.40, 7.50, allows an authenticated attacker to create malicious links in the UI that, when clicked by a victim, will execute arbitrary JavaScript, thus extracting or modifying information otherwise restricted, leading to Stored…

  • CVE-2020-6225 (Apr 14, 2020)
    risk 0.00 | cvss | epss 0.01

    SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traversal to the parent directory are passed through…

  • CVE-2018-2477 (Nov 13, 2018)
    risk 0.00 | cvss | epss 0.02

    Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.