CVE-2016-2389
published 2016-02-16


Priority: P1 78 · Severity: high · CVSS 3.0 base score: 7.5
CVSS 3.0 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 41.45% (98.5th percentile)
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.

Affected (1 range)

Vendor   Product    Version range   Fixed in
sap      netweaver  (not listed)    (not listed)

Detection & IOCs (extracted from sources)

URL: /XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd
Path: /XMII/Catalog
  • Look for HTTP GET requests to /XMII/Catalog with Mode=GetFileList and a Path parameter containing directory traversal sequences (../) targeting sensitive files such as /etc/passwd.
  • A successful exploitation response will return HTTP 200 and contain Unix passwd file content matching the pattern root:.*:0:0:
  • Identify SAP NetWeaver/xMII instances via Shodan using favicon hash -266008933 or FOFA icon_hash=-266008933 to find exposed attack surface.
  • The vulnerability is exploitable without authentication (Auth: None), meaning no credentials are required to read arbitrary files from the server.
  • The traversal payload uses the Classes/ prefix before the ../ sequences; detection rules should account for this base path prefix in the Path parameter.
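The detection points above, turned into a small log-scanning routine. This is an added example, not part of the cvebase record or of any vendor tooling; the access-log format and the sample lines are constructed, and a hit is only "likely successful" when the status is 200, as the record states.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (NCSA common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [16/Feb/2016:10:00:01 +0000] "GET /XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../etc/passwd HTTP/1.1" 200 1832
10.0.0.6 - - [16/Feb/2016:10:00:02 +0000] "GET /XMII/Catalog?Mode=GetFileList&Path=Classes/Reports HTTP/1.1" 200 512
10.0.0.7 - - [16/Feb/2016:10:00:03 +0000] "GET /XMII/Catalog?Mode=GetFileList&Path=Classes%2F..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
10.0.0.8 - - [16/Feb/2016:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 99
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# A ".." path segment delimited by forward or back slashes, checked after URL-decoding.
TRAVERSAL_RE = re.compile(r'(^|/|\\)\.\.(/|\\|$)')
# Leaked passwd content: the record's pattern root:.*:0:0: (anchored to a line start).
PASSWD_RE = re.compile(r'^root:.*:0:0:', re.M)


def is_cve_2016_2389_probe(target, method="GET"):
    """True if a request target matches GET /XMII/Catalog, Mode=GetFileList, Path with traversal."""
    if method.upper() != "GET":
        return False
    parts = urlsplit(target)
    if parts.path.lower() != "/xmii/catalog":
        return False
    query = parse_qs(parts.query, keep_blank_values=True)
    if "GetFileList" not in query.get("Mode", []):
        return False
    # parse_qs decodes once; unquote again so a double-encoded "%252F.." is still caught.
    return any(TRAVERSAL_RE.search(unquote(p)) for p in query.get("Path", []))


def response_leaks_passwd(status, body):
    """True when a 200 response body looks like a Unix passwd file (root entry, uid 0, gid 0)."""
    return status == 200 and bool(PASSWD_RE.search(body))


def scan_log(text):
    """Return one dict per matching request, flagging 200 responses as likely successful."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_cve_2016_2389_probe(m["target"], m["method"]):
            hits.append({"src": m["src"], "ts": m["ts"], "status": int(m["status"]),
                         "likely_success": m["status"] == "200"})
    return hits
```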

CVSS provenance

NVD (CVSS v3.0): 7.5 HIGH, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD (CVSS v2.0): 7.8 HIGH, vector AV:N/AC:L/Au:N/C:C/I:N/A:N
VulnCheck: 7.5 HIGH