Cybersecurity Alerts

Actively Exploited Vulnerabilities

← Back to Cybersecurity Alerts

CVE-2016-3976

SAP | NetWeaverAdded 2021-11-03Remediation Deadline 2022-05-03

SAP NetWeaver Directory Traversal Vulnerability

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

Required Action

Apply updates per vendor instructions.

Weakness Classification

CWE-22

References