Vulnerability
SAP NetWeaver is a core component of the SAP software stack that serves as a foundation for other SAP components as well as JAVA and ABAP applications. Remote attackers can access arbitrary files through a (..)dot dot in the query string due to a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5.
Mitigation / Precaution
It is possible to mitigate the weakness using a firewall. If you are using SAP NetWeaver Application Server Java 7.5, You should update to the latest version.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
