⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2016-3976

CWE-22 — Path Traversal6 documents6 sources

Severity

7.5HIGH

EPSS

81.5%

top 0.82%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

SAP Netweaver Application Server Java

Timeline

PublishedApr 7

KEV addedNov 3

Latest updateApr 30

KEV dueMay 3

CISA Required Action: Apply updates per vendor instructions.

Description

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDsap/netweaver_application7.10 — 7.50

🔴Vulnerability Details

GHSA

GHSA-jvxp-2488-w24g: Directory traversal vulnerability in SAP NetWeaver AS Java 7↗2022-04-30

▶

CVEList

CVE-2016-3976: Directory traversal vulnerability in SAP NetWeaver AS Java 7↗2016-04-07

▶

VulnCheck

SAP NetWeaver Directory Traversal Vulnerability↗2016

▶

💥Exploits & PoCs

Exploit-DB

SAP NetWeaver AS JAVA 7.1 < 7.5 - Directory Traversal↗2016-06-21

▶

📋Vendor Advisories

CISA

SAP NetWeaver Directory Traversal Vulnerability↗2021-11-03

▶