CVE-2016-2386 — SAP NetWeaver SQL Injection Vulnerability
2022-06-09 • CISA Known Exploited Vulnerability
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | SAP |
| Product | NetWeaver |
| CWE | CWE-89 |
| CVE ID | CVE-2016-2386 |
| Date Added | 2022-06-09 |
| Due Date | 2022-06-30 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2022-06-30