CVE-2016-1910

MEDIUM

SAP NetWeaver 7.4 - Info Disclosure

Title source: llm

Description

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

Exploits (1)

exploitdb WORKING POC

by Vahagn Vardanyan · pythonwebappsmultiple

https://www.exploit-db.com/exploits/43495

View Code ZIP pw:eip

References (5)

[Mailing List] http://seclists.org/fulldisclosure/2016/Apr/60

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/80920

[Third Party Advisory] https://erpscan.io/advisories/erpscan-16-003-sap-netweaver-7-4-cryptographic-issues/

[Third Party Advisory] https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/43495/

Scores

CVSS v3 5.3

EPSS 0.1258

EPSS Percentile 93.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (1)

sap/netweaver

Timeline

Published Jan 15, 2016

Tracked Since Feb 18, 2026