SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSap Netweaver Application Server Java
APPSap7.40
CISA KEV — detailsi
- Vendori
- SAP
- Producti
- NetWeaver
- Added to KEVi
- June 9, 2022
- Remediation deadline (US Federal)i
- June 30, 2022(overdue)
Apply updates per vendor instructions.
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Related vulnerabilities
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authen...
The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require ...
SAP NetWeaver AS Java – command injection przez upload pliku w Log Viewer
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong aut...
In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7....