Due to weak encoding of user-controlled input in
SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can
be executed in the application, potentially leading to a Cross-Site Scripting
(XSS) vulnerability. This has no impact on the availability of the application
but it has a low impact on its confidentiality and integrity.
References
| Link | Resource |
|---|---|
| https://me.sap.com/notes/3468681 | Permissions Required |
| https://url.sap/sapsecuritypatchday | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
29 Aug 2024, 19:29
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\(kmc-cm\):7.50:*:*:*:*:*:*:* | |
| References | () https://me.sap.com/notes/3468681 - Permissions Required | |
| References | () https://url.sap/sapsecuritypatchday - Vendor Advisory | |
| First Time |
Sap netweaver Knowledge Management And Collaboration \(kmc-cm\)
Sap |
09 Jul 2024, 18:19
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
09 Jul 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-07-09 04:15
Updated : 2024-08-29 19:29
NVD link : CVE-2024-34685
Mitre link : CVE-2024-34685
CVE.ORG link : CVE-2024-34685
JSON object : View
Products Affected
sap
- netweaver_knowledge_management_and_collaboration_\(kmc-cm\)
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')