THREATOPS
THREAT OPSCVEs › CVE-2016-3976

CVE-2016-3976 — SAP NetWeaver Directory Traversal Vulnerability

CISA KEVExploited: confirmedSAP

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

Vulnerability details