Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.3
CVSSv3

CVE-2016-2388

Published: 16/02/2016 Updated: 05/05/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Sap

Vulnerability Summary

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote malicious users to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap netweaver application server java

Exploits

Exploit DB: SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure
Application:SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 71 - 75 Vendor URL: SAPcom Bugs: information disclosure Sent: 15092015 Reported: 15092015 Vendor response: 16092015 Date of Public Advisory: 09022016 Reference: SAP Security Note 2256846 Author: Vahagn Vardanyan (ERPScan) Description 1 ADVISORY INF ...
Exploit DB: SAP NetWeaver J2EE Engine 7.40 - SQL Injection
#!/usr/bin/env python # coding=utf-8 """ Author: Vahagn Vardanyan twittercom/vah_13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 711-750 POST /UD ...
Exploit DB: SAP NetWeaver AS JAVA 7.5 Information Disclosure
SAP NetWeaver AS JAVA versions 71 through 75 suffer from an information disclosure vulnerability ...
Exploit DB: SAP NetWeaver J2EE Engine 7.40 SQL Injection
SAP NetWeaver J2EE Engine version 740 suffers from a remote SQL injection vulnerability ...

Github Repositories

https://github.com/vah13/SAP_exploit

Here you can get full exploit for SAP NetWeaver AS JAVA

SAP_exploit Author: Vahagn Vardanyan twittercom/vah_13 Bugs: CVE-2016-2386 SQL injection CVE-2016-2388 Information disclosure CVE-2016-1910 Crypto issue Follow HTTP request is a simple PoC for anon time-based SQL injection (CVE-2016-2386) vulnerability in SAP NetWeaver AS Java UDDI 711-750 POST /UDDISecurityService/UDDISecurityImplBean HTTP/11 User-Agent:

Recent Articles

Microsoft fixes under-attack Windows zero-day Follina
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities. Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild. Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so t...

Read more...

References

CWE-200http://seclists.org/fulldisclosure/2016/May/55http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.htmlhttps://www.exploit-db.com/exploits/39841/https://www.exploit-db.com/exploits/43495/https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.htmlhttps://nvd.nist.govhttps://github.com/vah13/SAP_exploithttps://www.exploit-db.com/exploits/39841/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook