PT-2018-15593 · Sap · Sap Netweaver Knowledge Management

Published

2018-11-13

Updated

2019-02-01

CVE-2018-2477

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Knowledge Management (XMLForms) versions 7.30 through 7.50

Description The issue arises from insufficient validation of an XML document accepted from an untrusted source. This could potentially lead to security issues, but specific details about exploitation or affected devices are not provided.

Recommendations For versions 7.30 through 7.50, update to a version that includes the fix for this issue, as the current versions do not sufficiently validate XML documents from untrusted sources.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-91

Related Identifiers

CVE-2018-2477

Affected Products

Sap Netweaver Knowledge Management

PT-2018-15593 · Sap · Sap Netweaver Knowledge Management

CVE-2018-2477

Weakness Enumeration

Related Identifiers

Affected Products

References · 5