Netweaver Knowledge Management And Collaboration (Kmc-Cm) Security Vulnerabilities

CVE-2020-6225

SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, al...

CVE-2024-34685

Due to weak encoding of user-controlled input inSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts canbe executed in the application, potentially leading to a Cross-Site Scripting(XSS) vulnerability. This has no impact on the availability of the applicationbut it has a low ...