CVE-2017-12637: SAP NetWeaver Directory Traversal Vulnerability. SAP

SAP NetWeaver Directory Traversal Vulnerability. SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a . (dot dot) in the query string.

• CISA KEV-listed (remediation due 2025-04-09)
• EPSS 93.4% (99.8% percentile)

Browse the CVE database

Read the full analysis on IntelFusions