CVE-2016-3976 - SAP NetWeaver Directory Traversal Vulnerability
Project:SAP
Product:NetWeaver
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
SAP NetWeaver Directory Traversal Vulnerability
Description
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3976