SAP NetWeaver AS Java Path Traversal (CVE-2017-12637)

Version 1.20

Feb 6, 2026, 12:54 AM

Required Scan configuration (Detected software that is considered a component of another application should only trigger vuln findings when the scan is running in paranoid mode. At this moment in time, this change affects only OpenSSL, Curl, LibCurl , SQLite, PHP, Apache HTTPD and Tomcat. Others may follow at a later date.)