TROYANOSYVIRUS
Voltar para CVEs

CVE-2016-2386

CRITICALCISA KEV
9.8

Descricao

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

Detalhes CVE

Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/16/2016
Ultima modificacao4/21/2026
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorSAP
ProdutoNetWeaver
Nome da vulnerabilidadeSAP NetWeaver SQL Injection Vulnerability
Data inclusao KEV2022-06-09
Prazo de remediacao2022-06-30
Uso em ransomwareUnknown

Produtos afetados

sap:netweaver_application_server_java

Fraquezas (CWE)

CWE-89CWE-89

Referencias

http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html(cve@mitre.org)
http://seclists.org/fulldisclosure/2016/May/56(cve@mitre.org)
https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/(cve@mitre.org)
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/(cve@mitre.org)
https://github.com/vah13/SAP_exploit(cve@mitre.org)
https://www.exploit-db.com/exploits/39840/(cve@mitre.org)
https://www.exploit-db.com/exploits/43495/(cve@mitre.org)
http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2016/May/56(af854a3a-2127-422b-91ae-364da2661108)
https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/(af854a3a-2127-422b-91ae-364da2661108)
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vah13/SAP_exploit(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/39840/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43495/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2386(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.