All vulnerabilities
CVE-2016-2388
SAP NetWeaver Information Disclosure Vulnerability
SAP — NetWeaver
- Added to KEV catalog
- 9 June 2022
- Federal remediation due date
- 30 June 2022
- Weakness classification (CWE)
- CWE-200
CISA Description
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2388
More SAP Vulnerabilities
CVE-2025-42999
SAP NetWeaver Deserialization Vulnerability
CVE-2025-31324
SAP NetWeaver Unrestricted File Upload Vulnerability
CVE-2017-12637
SAP NetWeaver Directory Traversal Vulnerability
CVE-2019-0344
SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability
CVE-2022-22536
SAP Multiple Products HTTP Request Smuggling Vulnerability
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services