CISA/NIST NVD Alert - CVE-2016-2386

NetWeaver - SAP NetWeaver SQL Injection Vulnerability

CISA/NIST Known Exploited Vulnerability Alert

CVE Identification Number

CVE-2016-2386

Vendor Name

SAP

Product

NetWeaver

Vulnerability Name

SAP NetWeaver SQL Injection Vulnerability

Description of Vulnerability

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Date Added to CISA Known Exploited Vulnerability Database

2022-06-09

Remediation

Apply updates per vendor instructions.

Link to NIST NVD CVE Listing

National Vulnerability Database Source