CVE-2021-37531
- Source
- https://cve.org/CVERecord?id=CVE-2021-37531
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37531.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-37531
- Published
- 2021-09-14T12:15:10.030Z
- Modified
- 2026-03-14T14:51:19.328295Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
SAP NetWeaver Knowledge Management XML Forms versions - 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity, and availability of the system.
- References
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.40"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.50"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37531.json"