claytonvantol.us
SESSION: secure TLS: 1.3 PID: 1337

clayton@site:~/news$ cat cve-2016-3976-sap-netweaver.log

CVE-2016-3976 — SAP NetWeaver Directory Traversal Vulnerability

2021-11-03 • CISA Known Exploited Vulnerability

[event] SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

> AFFECTED SOFTWARE

Field Value
Vendor SAP
Product NetWeaver
CWE CWE-22
CVE ID CVE-2016-3976
Date Added 2021-11-03
Due Date 2022-05-03
Ransomware Campaign Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-05-03

> REFERENCES

← back to terminal

UPTIME: 1337d v2.0.1 privacy LAST LOGIN: 2026-05-30 20:36:16 UTC