Skip to main content
CVE-2016-2386 CRITICAL POC KEV THREAT Emergency

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

SAP SQLi
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
44.0%
Threat
6.3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy