
CVE-2016-1910

Published: 15/01/2016 Updated: 10/12/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The User Management Engine (UME) in SAP NetWeaver 7.4 allows malicious users to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

Vulnerable Product

sap netweaver 7.40

Exploits

#!/usr/bin/env python # coding=utf-8 """ Author: Vahagn Vardanyan twitter.com/vah_13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 7.11-7.50 POST /UD ...
SAP NetWeaver J2EE Engine version 7.40 suffers from a remote SQL injection vulnerability ...

Github Repositories

Here you can get full exploit for SAP NetWeaver AS JAVA

SAP_exploit Author: Vahagn Vardanyan twitter.com/vah_13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 7.11-7.50 POST /UDDISecurityService/UDDISecurityImplBean HTTP/1.1 User-Agent: