CVE-2017-12637
SAP NetWeaver Directory Traversal Vulnerability
SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string. Vendor/Product: SAP NetWeaver. Added to CISA KEV 2025-03-19; required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.