CVE-2016-2386

9.8 CRITICAL CISA KEV - Actively Exploited

Published: February 16, 2016 Modified: October 22, 2025

Description

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://seclists.org/fulldisclosure/2016/May/56

Source: cve@mitre.org

Exploit Mailing List Third Party Advisory

https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/

Source: cve@mitre.org

Broken Link Third Party Advisory

https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/

Source: cve@mitre.org

Broken Link Third Party Advisory

https://github.com/vah13/SAP_exploit

Source: cve@mitre.org

Exploit Third Party Advisory

https://www.exploit-db.com/exploits/39840/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

https://www.exploit-db.com/exploits/43495/

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html