VYPR
High severity7.5CISA KEVNVD Advisory· Published Aug 7, 2017· Updated Jun 17, 2026

CVE-2017-12637

CVE-2017-12637

Description

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.