CISA/NIST NVD Alert - CVE-2016-2388

NetWeaver - SAP NetWeaver Information Disclorsure Vulnerability

CISA/NIST Known Exploited Vulnerability Alert

CVE Identification Number

CVE-2016-2388

Vendor Name

SAP

Product

NetWeaver

Vulnerability Name

SAP NetWeaver Information Disclosure Vulnerability

Description of Vulnerability

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

Date Added to CISA Known Exploited Vulnerability Database

2022-06-09

Remediation

Apply updates per vendor instructions.

Link to NIST NVD CVE Listing

National Vulnerability Database Source