CVE-2017-12637

⚠ KEVEPSS 93.4%

SAP NetWeaver Directory Traversal Vulnerability

Added to CISA KEV: 3/19/2025

Description

SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

Affected packages (0)

No package mapping in OSV.