CVE-2016-2388 — SAP NetWeaver Information Disclosure Vulnerability

2022-06-09 • CISA Known Exploited Vulnerability

[event] The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

> AFFECTED SOFTWARE

Field	Value
Vendor	SAP
Product	NetWeaver
CWE	CWE-200
CVE ID	CVE-2016-2388
Date Added	2022-06-09
Due Date	2022-06-30
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-06-30

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2016-2388