CVE-2017-12637CISA KEVEPSS p99.8%

CVE-2017-12637SAP NetWeaver Directory Traversal Vulnerability

SAP / NetWeaver

Description

SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

Scoring

EPSS94.56% probability of exploitation · percentile 99.8% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2025-03-19

(incoming)1

TypeTargetConfidenceTier
KEVEntrySAP NetWeaver Directory Traversal Vulnerabilitykev-cve-2017-126370%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-40128
CVE
SAP Customer Relationship Management (CRM) Path Traversal Vulnerability
CVE
CVE-2025-42922
CVE
SAP NetWeaver Information Disclosure Vulnerability
CVE
CVE-2026-27674
CVE
CVE-2026-44746
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.