Exposures › CVE-2017-12637
CVE-2017-12637
Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-03-19
Reference
⌖ exploited in the wild
shame 50/100
exploited-in-wild
SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.
Players implicated
Description
SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.
Affected FedRAMP products 2 in the catalog
| Product | Provider | Status | Match |
|---|---|---|---|
| SAP NS2 Cloud Intelligent Enterprise | SAP National Security Services Inc. (SAP NS2) | Authorized | vendor-exact · 0.90 |
| SAP NS2 Secure Node with SuccessFactors Suite - DoD | SAP National Security Services Inc. (SAP NS2) | Authorized | vendor-exact · 0.90 |