ByteOS Network

NVD Vulnerability Details :

CVE-2016-2388

Analyzed

Source-cve@mitre.org

View Known Exploited Vulnerability (KEV) details

Published At-16 Feb, 2016 | 15:59

Updated At-21 Apr, 2026 | 16:25

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

CISA Catalog

Date Added	Due Date	Vulnerability Name	Required Action
2022-06-09	2022-06-30	SAP NetWeaver Information Disclosure Vulnerability	Apply updates per vendor instructions.

Date Added: 2022-06-09

Due Date: 2022-06-30

Vulnerability Name: SAP NetWeaver Information Disclosure Vulnerability

Required Action: Apply updates per vendor instructions.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

SAP SE

>>netweaver_application_server_java>>Versions from 7.10(inclusive) to 7.50(inclusive)

cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Primary	nvd@nist.gov
CWE-200	Secondary	134c704f-9b21-4f2e-91b3-4a467353bcc0

CWE ID: CWE-200

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-200

Type: Secondary

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

References

Hyperlink	Source	Resource
http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html	cve@mitre.org	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html	cve@mitre.org	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/May/55	cve@mitre.org	Exploit Mailing List Third Party Advisory
https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/	cve@mitre.org	Broken Link Third Party Advisory
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/	cve@mitre.org	Broken Link Third Party Advisory
https://www.exploit-db.com/exploits/39841/	cve@mitre.org	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43495/	cve@mitre.org	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/May/55	af854a3a-2127-422b-91ae-364da2661108	Exploit Mailing List Third Party Advisory
https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/	af854a3a-2127-422b-91ae-364da2661108	Broken Link Third Party Advisory
https://www.exploit-db.com/exploits/39841/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43495/	af854a3a-2127-422b-91ae-364da2661108	Exploit Third Party Advisory VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2388	134c704f-9b21-4f2e-91b3-4a467353bcc0	US Government Resource