KEV Release: 2022-06-09

[hrbrmstr]

KEV Release: 2022-06-09

3 CVEs in this release.

• CVE-2021-38163: (SAP:NetWeaver) SAP NetWeaver Unrestricted File Upload Vulnerability :: SAP NetWeaver contains a vulnerability that allows unrestricted file upload.

  Additional Information

  • CVSS 8.8
  • Severity: HIGH
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Impact: 5.9
  • CWE: CWE-434
  • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • EPSS: 0.008850000 / 0.252990000
  • In The Wild: https://inthewild.io/vuln/CVE-2021-38163

• CVE-2016-2386: (SAP:NetWeaver) SAP NetWeaver SQL Injection Vulnerability :: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  Additional Information

  • CVSS 9.8
  • Severity: CRITICAL
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Impact: 5.9
  • CWE: CWE-89
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • EPSS: 0.018060000 / 0.753790000
  • In The Wild: https://inthewild.io/vuln/CVE-2016-2386

• CVE-2016-2388: (SAP:NetWeaver) SAP NetWeaver Information Disclosure Vulnerability :: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

  Additional Information

  • CVSS 5.3
  • Severity: MEDIUM
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Impact: 1.4
  • CWE: CWE-200
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • EPSS: 0.102120000 / 0.942620000
  • In The Wild: https://inthewild.io/vuln/CVE-2016-2388