TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2016-2386

CRITICALCISA KEV
9.8

Beschreibung

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/16/2016
Zuletzt geandert4/21/2026
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerSAP
ProduktNetWeaver
SchwachstellennameSAP NetWeaver SQL Injection Vulnerability
KEV Aufnahmedatum2022-06-09
Behebungsfrist2022-06-30
Ransomware-NutzungUnknown

Betroffene Produkte

sap:netweaver_application_server_java

Schwachen (CWE)

CWE-89CWE-89

Referenzen

http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html(cve@mitre.org)
http://seclists.org/fulldisclosure/2016/May/56(cve@mitre.org)
https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/(cve@mitre.org)
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/(cve@mitre.org)
https://github.com/vah13/SAP_exploit(cve@mitre.org)
https://www.exploit-db.com/exploits/39840/(cve@mitre.org)
https://www.exploit-db.com/exploits/43495/(cve@mitre.org)
http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/May/56(af854a3a-2127-422b-91ae-364da2661108)
https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vah13/SAP_exploit(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/39840/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43495/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2386(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.