CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 3, 2022
High
CISA KEVEPSS 81.5%CVE-2016-3976
SAP—NetWeaver
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
EPSS — Exploit Probability
81.5%
Higher than 99.2% of all CVEs
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2016-3976
Vulnerability Overview
- Severity
- High
- EPSS
- 81.5%
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Nov 3, 2021
- KEV Added
- Nov 3, 2021
- Due Date
- May 3, 2022
- Related Articles
- 0
Vendor
SAP
NetWeaver