SAP NetWeaver Java Path Traversal and XSS Flaws
2026-06-09
Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manipulate file inclusion parameters within crafted HTTP logon requests, leading to the inclusion and processing of arbitrary local files. Successful exploitation can expose or modify sensitive data and render portions of the server unavailable. No public exploit had been identified at the time of analysis; the CVSS score of 9.0 reflects full confidentiality, integrity and availability impact with a scope change.
Reflected cross-site scripting in SAP NetWeaver Java's JDBC Test Servlet enables unauthenticated remote attackers to craft malicious URLs that execute arbitrary JavaScript in a victim's browser when the victim opens the link. The Changed Scope (S:C) in the CVSS vector indicates that the injected script can affect browser context beyond the vulnerable origin, enabling session theft, credential harvesting, or unauthorized modification of web client data. No public exploit code had been identified at the time of analysis, and this vulnerability has not been listed in the CISA KEV catalog.
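As an added detection example (not part of the advisory or of SAP's code), the following Python scans constructed access-log lines for the two request patterns described above: traversal sequences, including double URL-encoded ones, in parameters of logon requests, and script markers in parameters sent to the test servlet. The /logon/ and /jdbctest/ paths, the parameter names and the log lines are assumptions, not values from the advisory.

```python
import re
from urllib.parse import unquote, urlsplit, parse_qsl

# Constructed sample access-log lines; /logon/ and /jdbctest/ are hypothetical
# placeholders for the logon and JDBC test endpoints named in the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [09/Jun/2026:10:01:02 +0000] "GET /logon/index.jsp?page=home HTTP/1.1" 200 512
10.0.0.9 - - [09/Jun/2026:10:01:07 +0000] "GET /logon/index.jsp?page=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 200 1290
10.0.0.9 - - [09/Jun/2026:10:01:09 +0000] "GET /logon/index.jsp?page=%252e%252e/%252e%252e/secret.properties HTTP/1.1" 200 880
10.0.0.12 - - [09/Jun/2026:10:02:00 +0000] "GET /jdbctest/servlet?driver=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 300
10.0.0.7 - - [09/Jun/2026:10:02:30 +0000] "GET /jdbctest/servlet?driver=org.example.Driver HTTP/1.1" 200 300
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')  # ".." as a path segment
SCRIPT_RE = re.compile(r'<\s*script\b|javascript\s*:|on\w+\s*=', re.IGNORECASE)

def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated URL encoding (%252e -> %2e -> .) so double-encoded traversal is visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")  # treat backslashes as path separators too

def classify_request(path_with_query: str) -> list[str]:
    """Return finding labels for one request target (path plus query string)."""
    url = urlsplit(path_with_query)
    findings = []
    for _, raw in parse_qsl(url.query, keep_blank_values=True):
        decoded = fully_decode(raw)  # parse_qsl already decoded one layer
        if url.path.startswith("/logon/") and TRAVERSAL_RE.search(decoded):
            findings.append("path-traversal")
        if url.path.startswith("/jdbctest/") and SCRIPT_RE.search(decoded):
            findings.append("reflected-xss")
    return findings

def scan_log(text: str) -> list[tuple[str, str, str]]:
    """Return (client_ip, finding, request_target) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        for finding in classify_request(target):
            hits.append((ip, finding, target))
    return hits
```

Running `scan_log(SAMPLE_LOG)` flags the two traversal attempts and the script injection while leaving the benign logon and driver-class requests unreported.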