Published: 16/02/2016 Updated: 10/12/2018

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote malicious users to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver 7.40

Application: SAP xMII Versions Affected: SAP MII 150 Vendor URL: SAPcom Bugs: Directory traversal Sent: 29072015 Reported: 29072015 Vendor response: 30072015 Date of Public Advisory: 09022016 Reference: SAP Security Note 2230978 Author: Dmitry Chastuhin (ERPScan) Description 1 ADVISORY INFORMATION Title: SAP xMII ...

SAP MII version 150 suffers from a directory traversal vulnerability ...

CWE-22 http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html https://www.exploit-db.com/exploits/39837/http://seclists.org/fulldisclosure/2016/May/40 https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/https://nvd.nist.gov https://www.exploit-db.com/exploits/39837/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2016-2389

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect