SAP NetWeaver Knowledge Management XMLEditor Vulnerable to Cross-Site Scripting (XSS)
CVE-2024-34685

6.1MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Knowledge Management Xmleditor
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-34685?

Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.

Affected Version(s)

SAP NetWeaver Knowledge Management XMLEditor KMC-WPC 7.50

References

https://url.sap/sapsecuritypatchday

https://me.sap.com/notes/3468681

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024
Vulnerability Reserved
May 7, 2024