High severity8.8NVD Advisory· Published Apr 14, 2017· Updated May 13, 2026

CVE-2017-7717

Description

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.

Affected products

SAP/Netweaver Application Server Java
cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/100168nvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/95364nvdThird Party AdvisoryVDB Entry
erpscan.io/advisories/erpscan-17-003-sap-netweaver-7-4-getuseruddielements-sql-injection/nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.572
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000