Vulnerabilities > SAP > Netweaver Knowledge Management XML Forms > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-09-14 CVE-2021-37531 OS Command Injection vulnerability in SAP Netweaver Knowledge Management XML Forms
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file.
network
low complexity
sap CWE-78
critical
9.0