Description
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100168
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95364
Third Party Advisory x_refsource_misc
https://erpscan.io/advisories/erpscan-17-003-sap-netweaver-7-4-getuseruddielements-sql-injection/
Scores
CVSS v3
8.8
EPSS
0.0084
EPSS Percentile
74.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
sap/netweaver_application_server_java
7.40
Published
Apr 14, 2017
Tracked Since
Feb 18, 2026