hrbrmstr/cisa-known-exploited-vulns

KEV Release: 2022-06-09

hrbrmstr opened this issue · 0 comments

3 CVEs in this release.

  • CVE-2021-38163: Remote (SAP:NetWeaver) SAP NetWeaver Unrestricted File Upload Vulnerability :: SAP NetWeaver contains a vulnerability that allows unrestricted file upload.

    Additional Information

    • CVSS: 8.8
    • Severity: HIGH
    • Attack Vector: NETWORK
    • Attack Complexity: LOW
    • Privileges Required: LOW
    • User Interaction: NONE
    • Impact: 5.9
    • CWE: CWE-434
    • Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    • EPSS: 0.008850000 / 0.252990000
    • In The Wild: https://inthewild.io/vuln/CVE-2021-38163
  • CVE-2016-2386: Remote (SAP:NetWeaver) SAP NetWeaver SQL Injection Vulnerability :: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

    Additional Information

    • CVSS: 9.8
    • Severity: CRITICAL
    • Attack Vector: NETWORK
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: NONE
    • Impact: 5.9
    • CWE: CWE-89
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    • EPSS: 0.018060000 / 0.753790000
    • In The Wild: https://inthewild.io/vuln/CVE-2016-2386
  • CVE-2016-2388: Local/Adjacent (SAP:NetWeaver) SAP NetWeaver Information Disclosure Vulnerability :: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

    Additional Information

    • CVSS: 5.3
    • Severity: MEDIUM
    • Attack Vector: NETWORK
    • Attack Complexity: LOW
    • Privileges Required: NONE
    • User Interaction: NONE
    • Impact: 1.4
    • CWE: CWE-200
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    • EPSS: 0.102120000 / 0.942620000
    • In The Wild: https://inthewild.io/vuln/CVE-2016-2388