| Field | Value |
| --- | --- |
| Risk | High |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-12637 |
| CWE-ID | CWE-22 |
| Exploitation vector | Network |
| Public exploit | This vulnerability is being exploited in the wild. |
| Vulnerable software | SAP NetWeaver Server applications / Application servers |
| Vendor | SAP |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU7695
Risk: High
CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2017-12637
CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
Description
The vulnerability allows a remote attacker to read arbitrary files on the vulnerable system.
The vulnerability exists due to improper input validation in the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS component in SAP NetWeaver Application Server Java 7.5. A remote unauthenticated attacker can use directory traversal sequences (e.g. "../") to read the contents of arbitrary files on the vulnerable system.
Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.
Note: there are reports that this vulnerability was being actively exploited in the wild in August 2017.
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
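With no official fix listed, one compensating control is to look for traversal attempts against this component in web-server access logs. The following is an added example, not part of this bulletin or of SAP's code: it scans constructed Common Log Format lines for requests to the component path named above that carry a ".." segment after percent-decoding (double-encoded forms included), so that only traversal aimed at this component is flagged. The log format, client addresses and placeholder file names are assumptions.

```python
import re
from urllib.parse import unquote
# Component path named in the advisory for CVE-2017-12637.
VULN_COMPONENT = "/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS"

# Common Log Format: client, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# A ".." segment bounded by a path separator or query delimiter on the left
# and a separator or end of string on the right, checked after decoding.
TRAVERSAL_RE = re.compile(r'(?:^|[/\\?=&])\.\.(?:[/\\]|$)')

def fully_decode(target: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (bounded) so %252e-style double encoding is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_traversal_against_component(target: str) -> bool:
    """True if the request targets the vulnerable component and carries a '..' segment."""
    decoded = fully_decode(target).replace("\\", "/")
    if not decoded.lower().startswith(VULN_COMPONENT.lower()):
        return False
    return TRAVERSAL_RE.search(decoded) is not None

def scan_log(text: str) -> list:
    """Return one dict per log line that shows traversal against the component."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_against_component(m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                         "target": m["target"], "decoded": fully_decode(m["target"])})
    return hits

# Constructed sample lines (TEST-NET addresses, placeholder file names), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Aug/2017:10:01:02 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS HTTP/1.1" 200 5120
203.0.113.5 - - [12/Aug/2017:10:01:09 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?..%2f..%2fPLACEHOLDER HTTP/1.1" 200 2211
198.51.100.7 - - [12/Aug/2017:10:02:30 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS/..%2F..%2FPLACEHOLDER HTTP/1.1" 200 880
198.51.100.7 - - [12/Aug/2017:10:02:41 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?%252e%252e%252fPLACEHOLDER HTTP/1.1" 200 1024
192.0.2.9 - - [12/Aug/2017:10:03:00 +0000] "GET /irj/portal/../images/logo.png HTTP/1.1" 304 0
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} status={hit['status']} -> {hit['decoded']}")
```

The last sample line is deliberately a traversal against a different path and is not reported, which keeps the rule scoped to this component; a 200 status on a flagged line is the strongest signal that the read succeeded.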
Vulnerable software versions
SAP NetWeaver: 7.50
External links
https://nvd.nist.gov/vuln/detail/CVE-2017-12637
https://www.sh0w.top/index.php/archives/7/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.