CVE-2017-12637: Unauthenticated Directory Traversal in SAP NetWeaver AS Java 7.5

ISGroup Cybersecurity

SAP NetWeaver Application Server Java is a core component of SAP’s enterprise platform, widely used by large organizations to run mission-critical applications. In 2017, a high-severity vulnerability was discovered in version 7.5 that lets unauthenticated attackers read sensitive files from the server. The flaw has been exploited in the wild, which raises both its real-world impact and the urgency of remediation for affected organizations.

Product: SAP-NetWeaver
Date: 2025-04-29 16:54:17
Information
  • Fix Available
  • Active Exploitation

Technical Summary

The vulnerability resides in the scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS endpoint of SAP NetWeaver AS Java 7.5. Because the endpoint does not validate its input, an unauthenticated attacker can trigger a directory traversal by placing .. (dot dot) sequences in the query string of a request to it. The traversal lets the attacker read arbitrary files on the server, including the deployment descriptors and application metadata stored in the WEB-INF and META-INF directories, which can expose configuration details and credentials.

Recommendations

  • Apply SAP security patches: Implement the fix provided in SAP Security Note 2486657 to resolve this vulnerability.

  • Restrict access: If the patch cannot be applied immediately, block or tightly restrict access to the vulnerable endpoint (/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS) with network controls, a reverse proxy or web server rule, or a URL filter in front of the application server, and in any case avoid exposing the endpoint to the internet.

  • Monitor systems: Check web server and application logs for requests to the vulnerable endpoint whose query string contains .. sequences (plain or URL-encoded), especially those that received an HTTP 200 response or that reference paths under WEB-INF or META-INF. Such requests indicate exploitation attempts; if any appear to have succeeded, treat every secret stored in the readable configuration files as exposed and rotate it.
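The log check described in the last recommendation, as an added example that is not part of the original advisory or of any SAP tooling. It parses common-log-format access lines, keeps only requests to the vulnerable endpoint, and flags those whose query string carries a dot-dot sequence after URL decoding (decoded twice so that double-encoded sequences are caught as well). The log lines are constructed to show the request shape the advisory describes; they are not captured traffic or a verified exploit payload, and the log format, field names and helper names are assumptions for the example.

```python
import re
from urllib.parse import unquote

# Vulnerable endpoint from the advisory (CVE-2017-12637 / SAP Security Note 2486657).
VULN_ENDPOINT = "/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS"

# Common Log Format: client, ident, user, [timestamp], "METHOD target PROTO", status, size.
# Assumed format for this example; adapt the pattern to the log source you actually have.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (not real traffic). Lines 2 and 3 carry a
# dot-dot query string against the vulnerable endpoint, the third one URL-encoded.
SAMPLE_LOG = """\
203.0.113.10 - - [29/Apr/2025:10:01:02 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS HTTP/1.1" 200 5120
203.0.113.10 - - [29/Apr/2025:10:01:05 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/../../../../WEB-INF/web.xml HTTP/1.1" 200 2311
198.51.100.7 - - [29/Apr/2025:10:02:11 +0000] "GET /scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?%2F%2e%2e%2F%2e%2e%2FMETA-INF%2FMANIFEST.MF HTTP/1.1" 200 800
192.0.2.44 - - [29/Apr/2025:10:03:00 +0000] "GET /irj/portal HTTP/1.1" 302 0
"""


def is_traversal_attempt(target: str) -> bool:
    """Return True if the request target is the vulnerable endpoint and its
    query string contains a dot-dot sequence after (double) URL decoding."""
    path, _, query = target.partition("?")
    # Decode the path too, so an encoded endpoint name does not slip past the filter.
    if unquote(path).lower() != VULN_ENDPOINT.lower():
        return False
    decoded = unquote(unquote(query))
    return ".." in decoded


def scan_log(lines):
    """Scan access-log lines and return one record per suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable line; not silently dropped in production, logged instead
        if not is_traversal_attempt(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "timestamp": m["ts"],
            "target": m["target"],
            "status": int(m["status"]),
            # A 200 means the server answered the traversal request; treat as likely success.
            "likely_success": m["status"] == "200",
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A 200 response to a flagged request is the signal to escalate: it means the server served content for the traversal, so the files it could reach should be assumed read. Requests that received 4xx responses are still worth recording, since they show who is probing for the endpoint.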
