CVE-2016-2386
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/
- http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html
- https://www.exploit-db.com/exploits/39840/
- https://github.com/vah13/SAP_exploit
- https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/
- https://www.exploit-db.com/exploits/43495/
- http://seclists.org/fulldisclosure/2016/May/56
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
- https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/
- http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html
- https://www.exploit-db.com/exploits/39840/
- https://github.com/vah13/SAP_exploit
- https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/
- https://www.exploit-db.com/exploits/43495/
- http://seclists.org/fulldisclosure/2016/May/56
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.