CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-12637

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.919

EPSS Ranking 99.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

Proposed Action

SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

Ransomware Campaign

Unknown

References

https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/

Products affected by CVE-2017-12637

Sap » Netweaver Application Server Java » Version: 7.50

cpe:2.3:a:sap:netweaver_application_server_java:7.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-12637

Products

Pricing

Contact Us