Description
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
References
- https://nvd.nist.gov/vuln/detail/CVE-2016-2386
- https://erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability
- https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review
- https://github.com/vah13/SAP_exploit
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2386
- https://www.exploit-db.com/exploits/39840
- https://www.exploit-db.com/exploits/43495
- http://packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.html
- http://seclists.org/fulldisclosure/2016/May/56
Related vulnerabilities
CVSS3: 9.8
nvd
almost 10 years ago
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
fstec
almost 10 years ago
Vulnerability in the SAP NetWeaver software integration platform that allows an attacker to execute arbitrary SQL commands