3081888 — [CVE-2021–37531] Code Injection vulnerability in SAP NetWeaver Knowledge Management (XMLForms)
Description
The SAP Netweaver Portal contains an XSLT vulnerability which allows a non-administrative authenticated attacker to craft a malicious XSL stylesheet file containing a script with OS-level commands, copy it into a location to be accessed by the system and then create a file which will trigger the XSLT engine to execute the script contained within the malicious XSL file. This can result in a full compromise of the confidentiality, integrity and availability of the system.
Solution
The vulnerability is fixed with modifications to the XMLToolkit parser. This fix can be applied in the patches listed in the “Support Packages & Patches” section below.
CVSS v3.0 Base Score: 9,9 / 10
Exploit
Available, deployed to RedRays scanner.
scanner@redrays.io