Description
Knowledge Management versions 7.01, 7.02, 7.30, 7.31, 7.40, 7.50 allows a remote attacker with basic privileges to deserialize user-controlled data without verification, leading to insecure deserialization which triggers the attacker’s code, therefore impacting Availability.
CVSS breakdown
CVSS 3.0
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.01 – < 7.01
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.02 – < 7.02
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.30 – < 7.30
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.31 – < 7.31
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.40 – < 7.40
- SAP_SE / SAP NetWeaver (Knowledge Management)< 7.50 – < 7.50