CVE-2016-3976

⚠ KEVEPSS 76.3%

SAP NetWeaver Directory Traversal Vulnerability

Added to CISA KEV: 11/3/2021

Description

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

Affected packages (0)

No package mapping in OSV.