CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2016-2386

CVSS 9.8v3.1pub. 2016-02-16upd. 2026-04-21

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sap Netweaver Application Server Java

    APP
    Sap
    7.40

CISA KEV — detailsi

Vendori
SAP
Producti
NetWeaver
Added to KEVi
June 9, 2022
Remediation deadline (US Federal)i
June 30, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 30 czerwca 2022
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2020-6287CRITICAL10.0⚠ KEVten sam produkt

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authen...

CVE-2010-5326CRITICAL10.0⚠ KEVten sam produkt

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require ...

CVE-2024-22127CRITICAL9.1PL ✓ten sam produkt

SAP NetWeaver AS Java – command injection przez upload pliku w Log Viewer

CVE-2023-40309CRITICAL9.8ten sam produkt

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong aut...

CVE-2022-22532CRITICAL9.8ten sam produkt

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7....