CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-21488
https://notcve.org/view.php?id=CVE-2021-21488
09 Mar 2021 — Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability. Knowledge Management versiones 7.01, 7.02, 7.30, 7.31, 7.40, 7.50, permiten a un atacante remoto con privilegios básicos deserializar unos datos controlados por el usuario sin comprobación, conllevando a una deserialización no segura qu... • https://launchpad.support.sap.com/#/notes/2983436 • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.1EPSS: 0%CPEs: 11EXPL: 0CVE-2020-6225
https://notcve.org/view.php?id=CVE-2020-6225
14 Apr 2020 — SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 and KMC-WPC 7.30, 7.31, 7.40, 7.50), does not sufficiently validate path information provided by users, thus characters representing traverse to parent directory are passed through to the file APIs, allowing the attacker to overwrite, delete, or corrupt arbitrary files on the remote server, leading to Path Traversal. SAP NetWeaver (Knowledge Management), versiones (KMC-CM - 7.00, 7.01, 7.02, 7.30, 7.31, 7.40, 7... • https://launchpad.support.sap.com/#/notes/2896682 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •