Lucene search
PRIOn knowledge basePRION:CVE-2016-2388HistoryFeb 16, 2016 - 3:59 p.m.
Design/Logic Flaw
2016-02-1615:59:00
PRIOn knowledge base
www.prio-n.com
4
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
| CPE | Name | Operator | Version |
|---|---|---|---|
| netweaver_application_server_java | ge | 7.10 | |
| netweaver_application_server_java | le | 7.50 |
References
packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html
packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html
seclists.org/fulldisclosure/2016/May/55
erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/
erpscan.io/press-center/blog/sap-security-notes-february-2016-review/
www.exploit-db.com/exploits/39841/
www.exploit-db.com/exploits/43495/
Related
cisa_kev
cisa_kev
SAP NetWeaver Information Disclosure Vulnerability
2022-06-09 00:00:00
exploitpack
exploitpack
SAP NetWeaver AS JAVA 7.1 7.5 - Information Disclosure
2016-05-19 00:00:00
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
2018-01-10 00:00:00
attackerkb
attackerkb
CVE-2016-2388
2016-02-16 00:00:00
erpscan
erpscan
SAP NetWeaver AS JAVA - information disclosure vulnerability
2015-09-15 00:00:00
cvelist
cvelist
CVE-2016-2388
2016-02-16 15:00:00
nvd
nvd
CVE-2016-2388
2016-02-16 15:59:02
cve
cve
CVE-2016-2388
2016-02-16 15:59:02
checkpoint_advisories
checkpoint_advisories
SAP NetWeaver Information Disclosure (CVE-2016-2388)
2022-07-20 00:00:00
zdt
zdt
SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure
2016-05-19 00:00:00
SAP NetWeaver J2EE Engine 7.40 - SQL Injection Exploit
2018-01-11 00:00:00
packetstorm
packetstorm
SAP NetWeaver AS JAVA 7.5 Information Disclosure
2016-05-19 00:00:00
SAP NetWeaver J2EE Engine 7.40 SQL Injection
2018-01-12 00:00:00
nessus
nessus
SAP NetWeaver AS Java Information Disclosure (2256846)
2022-06-16 00:00:00
exploitdb
exploitdb
SAP NetWeaver AS JAVA 7.1 < 7.5 - Information Disclosure
2016-05-19 00:00:00
SAP NetWeaver J2EE Engine 7.40 - SQL Injection
2018-01-10 00:00:00
openvas
openvas
SAP NetWeaver AS Java Multiple Vulnerabilities (2101079, 2191290, 2256846)
2016-05-23 00:00:00