LiveActive security incident?Get immediate response
CVE Record

CVE-2017-12637: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver A...

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

HighCVSS 7.5Known exploitedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

This flaw lets an unauthenticated remote attacker read files from affected SAP NetWeaver Application Server Java 7.5 systems through a directory traversal bug. The main business risk is exposure of sensitive configuration, credentials, or business data. CISA lists it as known exploited, so internet-exposed legacy SAP Java systems deserve urgent review.

Executive priority

Treat this as urgent for any exposed SAP Java estate. The vulnerability is old but known exploited, easy to reach over the network, and can disclose sensitive files without authentication. Remediation should focus first on internet-facing and high-value SAP systems.

Technical view

CVE-2017-12637 is CWE-22 directory traversal in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5. The CVSS 3.1 vector is network, low complexity, no privileges, no user interaction, confidentiality high, integrity and availability none. It is associated with SAP Security Note 2486657.

Likely exposure

Most likely exposure is SAP NetWeaver Application Server Java 7.5, especially systems with internet-reachable Java scheduler or UI components. The provided affected-products field is incomplete, so confirm exposure against SAP inventory and vendor guidance rather than assuming broader SAP coverage.

Exploitation context

The CVE description says it was exploited in the wild in August 2017, and the source bundle marks it as CISA KEV. That supports treating exploitation as confirmed historically. The provided sources do not establish current campaign activity or specific attacker groups.

Researcher notes

The source bundle gives strong evidence for vulnerability class, component path, CVSS, SAP NetWeaver AS Java 7.5, and known exploitation. It does not provide complete affected CPEs, patch mechanics, or current exploitation telemetry. Avoid expanding scope beyond SAP guidance.

Mitigation direction

  • Confirm affected SAP NetWeaver Java systems against SAP Security Note 2486657.
  • Apply SAP vendor fixes or superseding guidance for this CVE.
  • Restrict public access to SAP Java interfaces while remediation is pending.
  • Prioritize systems containing credentials, finance, HR, or regulated data.
  • Retire or isolate unsupported SAP NetWeaver Java 7.5 deployments.

Validation and detection

  • Inventory SAP NetWeaver Application Server Java 7.5 instances.
  • Check patch records for SAP Security Note 2486657 or superseding fixes.
  • Review exposure of scheduler and Java UI paths from untrusted networks.
  • Search web logs for traversal indicators targeting the referenced scheduler UI path.
  • Verify no sensitive files were accessed during suspected exploitation windows.
Prepared
Confidence
high
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · medium confidence lookup

CWE-22: File access and web shell behavior lookup

File traversal and upload weaknesses can lead teams to review file, web shell, execution, and collection telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
description · low confidence lookup

File access behavior lookup

The CVE wording references file access or upload behavior, so file telemetry and web shell review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2017-12637 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.5 (3.1)
Known Exploited
Yes
Published

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CISA KEV status

Status
Known exploited
Source
CISA / ADP
Date added
Not provided

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.5CVSS 3.1HighCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N3.93.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

7.5High
CVSS 3.1 vector shape for CVE-2017-12637Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.