CVE-2012-1289

2012-02-2318:00:00

mitre

www.cve.org

6.5 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%

JSON

Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 allow remote authenticated users to read arbitrary files via a … (dot dot) in the logfilename parameter to (1) b2b/admin/log.jsp or (2) b2b/admin/log_view.jsp in the Internet Sales (crm.b2b) component, or (3) ipc/admin/log.jsp or (4) ipc/admin/log_view.jsp in the Application Administration (com.sap.ipc.webapp.ipc) component.