CVE-2016-2386
SAP NetWeaver SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
71.1%
p99
KEV
YES
Jun 9, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
71.1%EPSS · 30 days71.1%
2026-06-302026-07-16
Product
SAP / NetWeaver
Vulnerability
SAP NetWeaver SQL Injection Vulnerability
Added to KEV
Jun 9, 2022
Remediate by
Jun 30, 2022
Known ransomware use
No
Summary description
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2386
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2020-6287—99.8%
KEV—80SAP NetWeaver Missing Authentication for Critical Function Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2016-2388—98.8%
KEV—80SAP NetWeaver Information Disclosure Vulnerability—CVE-2016-3976—98.7%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2021-38163—98.3%
KEV—79SAP NetWeaver Unrestricted File Upload Vulnerability—