QID 87461
Date Published: 2021-08-31
QID 87461: SAP NetWeaver AS Java Directory Traversal Vulnerability
SAP NetWeaver AS for JAVA, versions - 7.50, allows an remote attacker to read arbitrary files via a .. (dot dot) in the query string
Affected Versions
SAP NetWeaver AS JAVA Versions 7.50
QID Detection Logic(s):
Scan initiates HTTP request on Web Server and determines version based on the Server Header.
Successful exploitation of this vulnerability may allow an remote attacker to read arbitrary files via a .. (dot dot) in the query string.
Solution
Customers are advised to follow the SAP Security Note 2486657 for remediation instructions.
Vendor References
CVEs related to QID 87461
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| 2486657 |
|