CVE-2021-37531 – SAP NetWeaver Knowledge Management XML Forms versions – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50 …

14 September 2021

Vuln ID: CVE-2021-37531

Published: 2021-09-14 12:15:10Z

Description: SAP NetWeaver Knowledge Management XML Forms versions – 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.

Source: NVD.NIST.GOV

Date:

14 September 2021

Categorie(s):

NVD

Tag(s):

NVD

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures25 April 2024
Two cuffed in Samourai Wallet crypto dirty money sting25 April 2024
Ransomware attack causes city street lights to “misbehave”25 April 2024
Google can’t seem to quit cookies, delays killing them again25 April 2024
Analyze Malicious Powershell Scripts by Running Malware in ANY.RUN Sandbox25 April 2024