THREAT OPS › CVEs › CVE-2016-3976
CVE-2016-3976 — SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
Vulnerability details
- Affected productsNetWeaver
- KEV remediation due2022-05-03