← ExploitWatch
HomeExploited Vulnerabilities

CVE-2016-2386 — Actively Exploited: NetWeaver (SAP)

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE IDCVE-2016-2386
VendorSAP
ProductNetWeaver
Vulnerability nameSAP NetWeaver SQL Injection Vulnerability
Date added2022-06-09
Remediation due2022-06-30
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionSQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →