SAP

SAP's NetWeaver Application Server Java was found vulnerable to a critical directory traversal flaw identified as CVE-2017-12637. The vulnerability allows remote attackers to read arbitrary files, potentially compromising sensitive information and system integrity. The flaw carries a CVSS score of 7.5, a high-severity rating. Because it is being actively exploited in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) has mandated that federal agencies urgently mitigate the risk by April 9, 2025. Failure to patch or apply CISA's advisories could lead to serious data breaches, affecting customer and organizational data and disrupting significant operational capacities.

Source: https://cybersecuritynews.com/cisa-warns-of-sap-netweaver-directory-traversal-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/sap

"id": "sap443032025",
"linkid": "sap",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Software',
                        'name': 'SAP',
                        'type': 'Organization'}],
 'attack_vector': 'Directory Traversal',
 'data_breach': {'type_of_data_compromised': ['Customer data',
                                              'Organizational data']},
 'description': "SAP's NetWeaver Application Server Java was found vulnerable "
                'to a critical directory traversal flaw identified as '
                'CVE-2017-12637. This vulnerability allows remote attackers to '
                'read arbitrary files, potentially leading to a compromise of '
                'sensitive information and system integrity. The flaw, given a '
                'CVSS score of 7.5, indicates a high severity risk. Being '
                'actively exploited in the wild, the Cybersecurity and '
                'Infrastructure Security Agency (CISA) has mandated federal '
                'agencies to mitigate this risk urgently by April 9, 2025. '
                "Failure to patch or apply CISA's advisories could lead to "
                'serious data breaches, affecting customer and organizational '
                'data and disrupting significant operational capacities.',
 'impact': {'data_compromised': ['Customer data', 'Organizational data'],
            'operational_impact': 'Significant operational capacities '
                                  'disrupted',
            'systems_affected': ['SAP NetWeaver Application Server Java']},
 'recommendations': ['Patch the vulnerability', "Apply CISA's advisories"],
 'references': [{'source': 'CISA Advisory'}],
 'response': {'remediation_measures': ['Patching',
                                       "Applying CISA's advisories"]},
 'title': 'SAP NetWeaver Application Server Java Directory Traversal '
          'Vulnerability',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2017-12637'}