cvedb.io
CVE-2016-2389
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2016-02-16T15:59:03.023 · Last modified 2026-06-17T00:43:57.393

Summary

Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.

Affected products

sap — netweaver

Does this affect you?

Add your gear to cvedb and we'll alert you only when sap ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.