CVE-2016-3976: SAP NetWeaver Directory Traversal Vulnerability. SAP
SAP NetWeaver Directory Traversal Vulnerability. SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
- CISA KEV-listed (remediation due 2022-05-03)
- EPSS 76.3% (99.0% percentile)