CVE-2016-3976
SAP NetWeaver Directory Traversal Vulnerability
CVSS
—
No CVSS
EPSS
46.6%
p99
KEV
YES
Nov 3, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
46.6%EPSS · 30 days46.6%
2026-06-302026-07-16
Product
SAP / NetWeaver
Vulnerability
SAP NetWeaver Directory Traversal Vulnerability
Added to KEV
Nov 3, 2021
Remediate by
May 3, 2022
Known ransomware use
No
Summary description
SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3976
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2020-6287—99.8%
KEV—80SAP NetWeaver Missing Authentication for Critical Function Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2016-2386—99.3%
KEV—80SAP NetWeaver SQL Injection Vulnerability—CVE-2016-2388—98.8%
KEV—80SAP NetWeaver Information Disclosure Vulnerability—CVE-2021-38163—98.3%
KEV—79SAP NetWeaver Unrestricted File Upload Vulnerability—