CVE-2016-2388β€”SAP NetWeaver Information Disclosure Vulnerability

PUBLISHEDvulnerability record
2022-06-09 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2016-2388
Project:
SAP
Product:
NetWeaver
Date Added:
2022-06-09
Due Date:
2022-06-30
Last Updated:
June 21, 2025

Vulnerability Name

SAP NetWeaver Information Disclosure Vulnerability

Description

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
Unknown

Action

Apply updates per vendor instructions.

Additional Notes

Related Weaknesses