Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Knowledge Management (XMLForms) in SAP NetWeaver by SAP

    CVE-2018-2477 (GCVE-0-2018-2477)

    Vulnerability from nvd – Published: 2018-11-13 20:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
    Severity
    No CVSS data available.
    CWE
    • Missing XML Validation
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP Knowledge Management (XMLForms) in SAP NetWeaver Affected: = 7.30
    Affected: = 7.31
    Affected: = 7.40
    Affected: = 7.50
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2661740"
              },
              {
                "name": "105901",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105901"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Knowledge Management (XMLForms) in SAP NetWeaver",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 7.30"
                },
                {
                  "status": "affected",
                  "version": "= 7.31"
                },
                {
                  "status": "affected",
                  "version": "= 7.40"
                },
                {
                  "status": "affected",
                  "version": "= 7.50"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing XML Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2661740"
            },
            {
              "name": "105901",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105901"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2477",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Knowledge Management (XMLForms) in SAP NetWeaver",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "=",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "=",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "=",
                                "version_value": "7.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing XML Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2661740",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2661740"
                },
                {
                  "name": "105901",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105901"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2477",
        "datePublished": "2018-11-13T20:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:34.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2477 (GCVE-0-2018-2477)

    Vulnerability from cvelistv5 – Published: 2018-11-13 20:00 – Updated: 2024-08-05 04:21
    VLAI
    Summary
    Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
    Severity
    No CVSS data available.
    CWE
    • Missing XML Validation
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP Knowledge Management (XMLForms) in SAP NetWeaver Affected: = 7.30
    Affected: = 7.31
    Affected: = 7.40
    Affected: = 7.50
    Create a notification for this product.
    Date Public
    2018-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2661740"
              },
              {
                "name": "105901",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105901"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Knowledge Management (XMLForms) in SAP NetWeaver",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 7.30"
                },
                {
                  "status": "affected",
                  "version": "= 7.31"
                },
                {
                  "status": "affected",
                  "version": "= 7.40"
                },
                {
                  "status": "affected",
                  "version": "= 7.50"
                }
              ]
            }
          ],
          "datePublic": "2018-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing XML Validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-11-14T10:57:02.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2661740"
            },
            {
              "name": "105901",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105901"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2018-2477",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Knowledge Management (XMLForms) in SAP NetWeaver",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "7.30"
                              },
                              {
                                "version_name": "=",
                                "version_value": "7.31"
                              },
                              {
                                "version_name": "=",
                                "version_value": "7.40"
                              },
                              {
                                "version_name": "=",
                                "version_value": "7.50"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing XML Validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2661740",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2661740"
                },
                {
                  "name": "105901",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105901"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=503809832"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2018-2477",
        "datePublished": "2018-11-13T20:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T04:21:34.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }