CVE-2016-2386

critical

Description

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2386

Details

Source: Mitre, NVD

Published: 2016-02-16

Updated: 2025-10-22

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.4395

Detections

Analytics