CVE-2016-2386

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

CVSS Metrics

Affected Products (1)

GitHub Security Advisory GHSA-g384-79gw-fwh4

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote...

References (15)

• http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
• http://seclists.org/fulldisclosure/2016/May/56 Exploit, Mailing List, Third Party Advisory
• https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/ Broken Link, Third Party Advisory
• https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/ Broken Link, Third Party Advisory
• https://github.com/vah13/SAP_exploit Exploit, Third Party Advisory
• https://www.exploit-db.com/exploits/39840/ Exploit, Third Party Advisory, VDB Entry
• https://www.exploit-db.com/exploits/43495/ Exploit, Third Party Advisory, VDB Entry
• http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html Exploit, Third Party Advisory, VDB Entry
• http://seclists.org/fulldisclosure/2016/May/56 Exploit, Mailing List, Third Party Advisory
• https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/ Broken Link, Third Party Advisory
• https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/ Broken Link, Third Party Advisory
• https://github.com/vah13/SAP_exploit Exploit, Third Party Advisory
• https://www.exploit-db.com/exploits/39840/ Exploit, Third Party Advisory, VDB Entry
• https://www.exploit-db.com/exploits/43495/ Exploit, Third Party Advisory, VDB Entry
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2386 US Government Resource