SAP NetWeaver AS JAVA 'getUserUddiElements' SQL Injection Vulnerability

SAP NetWeaver is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

SAP NetWeaver 7.40 is vulnerable; other versions may also be affected.


Bugtraq ID: 95364
Class: Input Validation Error
CVE: CVE-2017-7717

Remote: Yes
Local: No
Published: Jan 10 2017 12:00AM
Updated: Apr 17 2017 12:06PM
Credit: Vahagn Vardanyan (ERPScan)
Vulnerable: SAP NetWeaver 7.40

Not Vulnerable:

Related Posts