SAP NetWeaver Application Server Java Path Traversal Vulnerability Allowing File Inclusion

Vulnerability

A vulnerability in SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to send a malicious HTTP logon request that manipulates file inclusion parameters. Exploitation enables path traversal and causes the included file to be processed. That processing could lead to unauthorized viewing or modification of sensitive information, or disrupt local system availability.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive information, unauthorized modification of data, or disruption of local system services.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying patches and addressing this vulnerability. SAP Security Notes can be accessed through the SAP for Me platform.

Added: Jun 9, 2026, 1:30 AM
Updated: Jun 9, 2026, 1:30 AM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 1.9
exploitability: 7.4
remediation: 5.6
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.