CVE-2016-3976CISA KEVEPSS p98.7%

CVE-2016-3976SAP NetWeaver Directory Traversal Vulnerability

SAP / NetWeaver

Description

SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

Scoring

EPSS46.61% probability of exploitation · percentile 98.7% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2021-11-03

(incoming)1

TypeTargetConfidenceTier
KEVEntrySAP NetWeaver Directory Traversal Vulnerabilitykev-cve-2016-39760%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-40128
CVE
CVE-2025-42922
CVE
SAP NetWeaver Information Disclosure Vulnerability
CVE
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
CVE
SAP NetWeaver Remote Code Execution Vulnerability
CVE
CVE-2025-3356
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.