CVE-2016-2386

Name of the Vulnerable Software and Affected Versions SAP NetWeaver J2EE Engine version 7.40

Description The issue is related to a SQL injection vulnerability in the UDDI server of the SAP NetWeaver J2EE Engine. This vulnerability allows remote attackers to execute arbitrary SQL commands via unspecified vectors. The vulnerability is due to the lack of protection measures for the SQL query structure, which can be exploited by a remote attacker to execute arbitrary SQL commands.

Recommendations For SAP NetWeaver J2EE Engine version 7.40, apply the fix as described in SAP Security Note 2101079 to resolve the SQL injection vulnerability. As a temporary workaround, consider restricting access to the UDDI server to minimize the risk of exploitation.