CVE-2016-2388
SAP NetWeaver Information Disclosure Vulnerability
CVSS
—
No CVSS
EPSS
51.6%
p99
KEV
YES
Jun 9, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
51.6%EPSS · 30 days51.6%
2026-06-302026-07-16
Product
SAP / NetWeaver
Vulnerability
SAP NetWeaver Information Disclosure Vulnerability
Added to KEV
Jun 9, 2022
Remediate by
Jun 30, 2022
Known ransomware use
No
Summary description
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2388
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2020-6287—99.8%
KEV—80SAP NetWeaver Missing Authentication for Critical Function Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2016-2386—99.3%
KEV—80SAP NetWeaver SQL Injection Vulnerability—CVE-2016-3976—98.7%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2021-38163—98.3%
KEV—79SAP NetWeaver Unrestricted File Upload Vulnerability—