CVE-2016-2388
SAP NetWeaver Information Disclosure Vulnerability
CVSS
—
Sin CVSS
EPSS
51.6%
p99
KEV
SÍ
9 jun 2022
Exploit Today
80
0-100
Publicado: — · Última mod.: —
51.6%EPSS · 30 días51.6%
2026-06-302026-07-16
Producto
SAP / NetWeaver
Vulnerabilidad
SAP NetWeaver Information Disclosure Vulnerability
Añadido a KEV
9 jun 2022
Remediar antes de
30 jun 2022
Uso conocido en ransomware
No
Descripción resumida
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
Acción requerida
Apply updates per vendor instructions.
Notas
https://nvd.nist.gov/vuln/detail/CVE-2016-2388
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-31324—99.9%
KEV—80SAP NetWeaver Unrestricted File Upload Vulnerability—CVE-2020-6287—99.8%
KEV—80SAP NetWeaver Missing Authentication for Critical Function Vulnerability—CVE-2017-12637—99.8%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2016-2386—99.3%
KEV—80SAP NetWeaver SQL Injection Vulnerability—CVE-2016-3976—98.7%
KEV—80SAP NetWeaver Directory Traversal Vulnerability—CVE-2021-38163—98.3%
KEV—79SAP NetWeaver Unrestricted File Upload Vulnerability—