CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-34685

Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application but it has a low impact on its confidentiality and integrity.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.5%

CVSS Severity

CVSS v3 Score 6.1

References

https://me.sap.com/notes/3468681
https://url.sap/sapsecuritypatchday
https://me.sap.com/notes/3468681
https://url.sap/sapsecuritypatchday

Products affected by CVE-2024-34685

Sap » Netweaver Knowledge Management And Collaboration (Kmc-Cm) » Version: 7.50

cpe:2.3:a:sap:netweaver_knowledge_management_and_collaboration_(kmc-cm):7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-34685

Products

Pricing

Contact Us