Sap · Sap Netweaver Application Server Java · CVE-2017-12637
**Name of the Vulnerable Software and Affected Versions**
SAP NetWeaver Application Server Java version 7.5
**Description**
A directory traversal issue exists, allowing remote attackers to read arbitrary files by including a .. (dot dot) in the query string. This issue has been exploited in the wild.
**Recommendations**
For SAP NetWeaver Application Server Java version 7.5, apply the fix as described in SAP Security Note 2486657 to resolve the issue.