CVE-2016-2389
Published: 2016-02-16
Priority: P1 · 78 · high
CVSS 3.0: 7.5 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N)
Badges: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 41.45% (98.5th percentile)
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | netweaver | — | — |
Detection & IOCs (extracted from sources)
- Look for HTTP GET requests to /XMII/Catalog with Mode=GetFileList and a Path parameter containing directory traversal sequences (../) targeting sensitive files such as /etc/passwd.
- A successful exploitation response returns HTTP 200 and contains Unix passwd file content matching the pattern root:.*:0:0:
- Identify SAP NetWeaver/xMII instances via Shodan using favicon hash -266008933 or FOFA icon_hash=-266008933 to find exposed attack surface.
- The vulnerability is exploitable without authentication (Auth: None): no credentials are required to read arbitrary files from the server.
- The traversal payload uses the Classes/ prefix before the ../ sequences; detection rules should account for this base path prefix in the Path parameter.
- Normalize URL encoding before matching: a literal search for ../ misses %2e%2e%2f and double-encoded variants of the same traversal.
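The indicators above, turned into a log-scanning check. This is an added example written for this page; it is not code from SAP, ERPScan, the Nuclei template or VulnCheck. The access-log lines are constructed, the traversal depth in them is illustrative rather than copied from the published PoC, and the function names are this example's own.

```python
"""Scan web-server access logs for CVE-2016-2389 exploitation attempts.

Added example for this page; not code from SAP, ERPScan, Nuclei or VulnCheck.
It implements the indicators listed above: GET /XMII/Catalog with
Mode=GetFileList and a Path parameter containing ../ (typically after a
Classes/ prefix), plus the response-side check for /etc/passwd content.
The log lines below are constructed; the traversal depth is illustrative.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx combined-log request line up to the status and size fields.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\S+)'
)
# A ".." path component bounded by a separator (or string start/end).
TRAVERSAL_RE = re.compile(r'(?:^|[/\\])\.\.(?:[/\\]|$)')
# Response-side IOC from the list above: the root entry of a Unix passwd file.
PASSWD_RE = re.compile(r'root:.*:0:0:')


def decode_param(value, rounds=3):
    """URL-decode repeatedly so %2e%2e%2f and %252e%252e%252f both become ../"""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(method, target):
    """Return details if the request matches the GetFileList traversal pattern, else None."""
    parts = urlsplit(target)
    if method.upper() != 'GET' or not parts.path.lower().endswith('/xmii/catalog'):
        return None
    # parse_qs already decodes one layer of percent-encoding; keys are normalised to lowercase.
    params = {k.lower(): v for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if 'getfilelist' not in (m.lower() for m in params.get('mode', [])):
        return None
    for raw_path in params.get('path', []):
        path = decode_param(raw_path)
        if TRAVERSAL_RE.search(path):
            return {
                'path': path,
                # The public payload prefixes the traversal with Classes/ (see the IOC list).
                'classes_prefix': path.lower().startswith('classes/'),
                # Strip everything up to and including the last ../ run to show the target file.
                'target_file': re.sub(r'^.*?(?:\.\.[/\\])+', '/', path, count=1),
            }
    return None


def scan_access_log(lines):
    """Yield (ip, timestamp, status, details) for each line matching the exploit pattern."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        details = classify_request(m['method'], m['target'])
        if details:
            yield m['ip'], m['ts'], int(m['status']), details


def response_leaked_passwd(body):
    """Response-side check: True if the body carries Unix passwd content."""
    return PASSWD_RE.search(body) is not None


# Constructed sample lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Feb/2016:10:15:02 +0000] "GET /XMII/Catalog?Mode=GetFileList'
    '&Path=Classes/../../../../../../../../etc/passwd HTTP/1.1" 200 1843',
    # Same attack, double-encoded so a literal grep for "../" would miss it.
    '198.51.100.7 - - [10/Feb/2016:10:15:09 +0000] "GET /XMII/Catalog?Mode=GetFileList'
    '&Path=Classes%2F%252e%252e%2F%252e%252e%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    # Legitimate catalog listing: same servlet and mode, no traversal.
    '192.0.2.10 - - [10/Feb/2016:10:16:00 +0000] "GET /XMII/Catalog?Mode=GetFileList'
    '&Path=Classes/Reports HTTP/1.1" 200 512',
    '192.0.2.11 - - [10/Feb/2016:10:16:30 +0000] "GET /XMII/Illuminator?QueryTemplate=x HTTP/1.1" 302 0',
]

if __name__ == '__main__':
    for ip, ts, status, details in scan_access_log(SAMPLE_LOG):
        print(f'{ts} {ip} status={status} file={details["target_file"]} '
              f'classes_prefix={details["classes_prefix"]}')
```

Access logs carry only the request line, so `scan_access_log` flags attempts; `response_leaked_passwd` needs a body captured by a proxy, WAF or packet capture to confirm success, and a 200 alone is not confirmation. The second sample line shows why decoding matters: `parse_qs` removes one layer of percent-encoding and `decode_param` the rest, so the double-encoded request is classified identically to the plain one.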
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | 2.0 | 7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
| vulncheck | — | 7.5 | HIGH | — |
GHSA
GHSA-7r5q-xqh9-3hxf (ghsa, unreviewed · 2022-05-14) · CVE-2016-2389 [HIGH] · CWE-22
Description: same as the NVD summary above.
VulnCheck
SAP NetWeaver Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (vulncheck · 2016 · CVSS 7.5) · CVE-2016-2389 [HIGH]
Description: same as the NVD summary above.
Affected: SAP NetWeaver
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://app.crowdsec.net/cti/cve-explorer/CVE-2016-2389
No detection rules found.
Exploit-DB
SAP xMII 15.0 - Directory Traversal (exploitdb · 2016-05-17 · CVSS 7.5) · CVE-2016-2389 [HIGH]
---
Application: SAP xMII
Versions Affected: SAP MII 15.0
Vendor URL: http://SAP.com
Bugs: Directory traversal
Sent: 29.07.2015
Reported: 29.07.2015
Vendor response: 30.07.2015
Date of Public Advisory: 09.02.2016
Reference: SAP Security Note 2230978
Author: Dmitry Chastuhin (ERPScan)
Description
1. ADVISORY INFORMATION
Title: SAP xMII – directory traversal vulnerability
Advisory ID: [ERPSCAN-16-009]
Risk: high priority
Advisory URL: https://erpscan.com/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
Date published: 09.02.2016
Vendors contacted: SAP
2. VULNERABILITY INFORMATION
Class: [CWE-36]
Impact: SAP xMII directory traversal, read file from server
Remotely Exploitable: Yes
Locally Exploitable: No
CVE:
Nuclei
SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion (nuclei · CVSS 7.5) · CVE-2016-2389 [HIGH]
SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
Template (the indexed copy is cut off after the impact field):

```yaml
id: CVE-2016-2389

info:
  name: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion
  author: daffainfo
  severity: high
  description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
  impact: |
    Successful exploitation of this vulnerability could allow an
```
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
- http://seclists.org/fulldisclosure/2016/May/40
- https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
- https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/
- https://www.exploit-db.com/exploits/39837/