Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2016-1910Sensitive Information Exposure in SAP Netweaver

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
12.6%
top 6.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Netweaver
Timeline
PublishedJan 15
Latest updateMay 14

Description

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDsap/netweaver7.40

🔴Vulnerability Details

2
GHSA
GHSA-4r3h-4pgq-8rpc: The User Management Engine (UME) in SAP NetWeaver 72022-05-14
CVEList
CVE-2016-1910: The User Management Engine (UME) in SAP NetWeaver 72016-01-15

💥Exploits & PoCs

1
Exploit-DB
SAP NetWeaver J2EE Engine 7.40 - SQL Injection2018-01-10
CVE-2016-1910 — Sensitive Information Exposure in SAP | cvebase