Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SAP NetWeaver Knowledge Management Configuration Service 操作系统命令注入漏洞
Vulnerability Description
SAP NetWeaver Knowledge Management Configuration Service是德国思爱普(SAP)公司的一款知识管理解决方案配置服务。 SAP NetWeaver Knowledge Management XML Forms 7.10、7.11、7.30、7.31、7.40、7.50版本存在操作系统命令注入漏洞,该漏洞允许非管理员身份验证的攻击者制作包含操作系统级命令脚本的恶意 XSL 样式表文件,并将其复制进入系统要访问的位置,然后创建一个文件,该文件将触发 XSLT
CVSS Information
N/A
Vulnerability Type
N/A