Back to KEVs

CVE-2017-12637

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote...

Basic Information

CVE State: PUBLISHED
Reserved Date: August 07, 2017
Published Date: August 07, 2017
Last Updated: March 27, 2025
Vendor: n/a
Product: n/a
Description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

CVSS Scores

SSVC Information

Exploitation: active
Automatable: Yes
Technical Impact: partial

Exploit Status

Exploited in the Wild: Yes (added 2025-03-19 00:00:00 UTC) Source

References

https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-03-19 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-12637.yaml	2025-04-26 00:00:00 UTC