CyberSec.Space Logo
CVEブラウザに戻る

CVE-2016-2386

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score27.0850%
EPSS Percentile97.29th
Published2016年2月16日
Last Modified2026年4月21日

Vulnerability Description

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

Affected Platforms (CPE)

📦
Sap

Netweaver Application Server Java

= 7.40

References & Advisories

🔗 http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html
🔗 http://seclists.org/fulldisclosure/2016/May/56
🔗 https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/
🔗 https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/
🔗 https://github.com/vah13/SAP_exploit
🔗 https://www.exploit-db.com/exploits/39840/
🔗 https://www.exploit-db.com/exploits/43495/
🔗 http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html

関連する脆弱性情報

CVE-2010-532610.0

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, whic...

CVE-2019-03459.8

A remote unauthenticated attacker can abuse a web service in SAP NetWeaver Application Server for Java (Administrator System Overv...

CVE-2021-375359.8

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform nece...

CVE-2019-03898.8

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), (corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5),...