CVE-2016-2386 - SAP NetWeaver SQL Injection Vulnerability

Project:SAP

Product:NetWeaver

Date Added:2022-06-09Due Date:2022-06-30Last Updated:June 21, 2025

Vulnerability Name

SAP NetWeaver SQL Injection Vulnerability

Description

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://nvd.nist.gov/vuln/detail/CVE-2016-2386

Related Weaknesses