Critical severity9.8CISA KEVNVD Advisory· Published Feb 16, 2016· Updated Apr 21, 2026

CVE-2016-2386

Description

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.

Affected products

SAP/Netweaver Application Server Java
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/137129/SAP-NetWeaver-AS-JAVA-7.5-SQL-Injection.htmlnvdExploitThird Party AdvisoryVDB Entry
seclists.org/fulldisclosure/2016/May/56nvdExploitMailing ListThird Party Advisory
www.exploit-db.com/exploits/39840/nvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/43495/nvdExploitThird Party AdvisoryVDB Entry
erpscan.io/advisories/erpscan-16-011-sap-netweaver-7-4-sql-injection-vulnerability/nvdBroken LinkThird Party Advisory
erpscan.io/press-center/blog/sap-security-notes-february-2016-review/nvdBroken LinkThird Party Advisory
www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.036
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.000