KEVIntel
Back to KEVs
5.3
CVSS
Medium

CVE-2016-2388

PUBLISHED

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP...

Exploited in the wild Remote Low complexity No user interaction
Vendor
SAP
Product
NetWeaver AS JAVA
Published
Feb 16, 2016
EPSS

Description

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

java cisa

CVSS scores

CVSS v3.1 5.3 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2.0 5.0

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitation status

Exploited in the wild

Recorded 2022-06-09 00:00:00 UTC · Source

SSVC decision points

Exploitation
active
Automatable
Yes
Technical impact
partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CISA Jun 09, 2022

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel