{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34685", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "state": "PUBLISHED", "assignerShortName": "sap", "dateReserved": "2024-05-07T05:46:11.657Z", "datePublished": "2024-07-09T03:53:38.517Z", "dateUpdated": "2024-08-02T02:59:21.683Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP NetWeaver Knowledge Management XMLEditor", "vendor": "SAP_SE", "versions": [{"status": "affected", "version": "KMC-WPC 7.50"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity.\n\n\n\n"}], "value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-07-09T03:53:38.517Z"}, "references": [{"url": "https://url.sap/sapsecuritypatchday"}, {"url": "https://me.sap.com/notes/3468681"}], "source": {"discovery": "UNKNOWN"}, "title": "[CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-23T14:51:26.941635Z", "id": "CVE-2024-34685", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:51:35.988Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:21.683Z"}, "title": "CVE Program Container", "references": [{"url": "https://url.sap/sapsecuritypatchday", "tags": ["x_transferred"]}, {"url": "https://me.sap.com/notes/3468681", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://url.sap/sapsecuritypatchday", "tags": ["x_transferred"]}, {"url": "https://me.sap.com/notes/3468681", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:59:21.683Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34685", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-23T14:51:26.941635Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-23T14:51:32.100Z"}}], "cna": {"title": "[CVE-2024-34685] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Knowledge Management XMLEditor", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SAP_SE", "product": "SAP NetWeaver Knowledge Management XMLEditor", "versions": [{"status": "affected", "version": "KMC-WPC 7.50"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://url.sap/sapsecuritypatchday"}, {"url": "https://me.sap.com/notes/3468681"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity.", "supportingMedia": [{"type": "text/html", "value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity.\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2024-07-09T03:53:38.517Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34685", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:59:21.683Z", "dateReserved": "2024-05-07T05:46:11.657Z", "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "datePublished": "2024-07-09T03:53:38.517Z", "assignerShortName": "sap"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_\\(kmc-cm\\):7.50:*:*:*:*:*:*:*", "matchCriteriaId": "E96E9634-127A-45F3-AE07-F6481CC6AAA4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity."}, {"lang": "es", "value": "Debido a la codificaci\u00f3n d\u00e9bil de la entrada controlada por el usuario en SAP NetWeaver Knowledge Management XMLEditor, que permite que se puedan ejecutar scripts maliciosos en la aplicaci\u00f3n, lo que podr\u00eda provocar una vulnerabilidad de Cross-Site Scripting (XSS). Esto no tiene ning\u00fan impacto en la disponibilidad de la aplicaci\u00f3n pero tiene un impacto bajo en su confidencialidad e integridad."}], "id": "CVE-2024-34685", "lastModified": "2024-11-21T09:19:11.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "cna@sap.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-09T04:15:12.090", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3468681"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3468681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://url.sap/sapsecuritypatchday"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@sap.com", "type": "Secondary"}]}

{}

{}