Vulnerability Details CVE-2016-1910
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.088
EPSS Ranking 92.1%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- http://seclists.org/fulldisclosure/2016/Apr/60
- http://www.securityfocus.com/bid/80920
- https://erpscan.io/advisories/erpscan-16-003-sap-netweaver-7-4-cryptographic-issues/
- https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
- https://www.exploit-db.com/exploits/43495/
- http://seclists.org/fulldisclosure/2016/Apr/60
- http://www.securityfocus.com/bid/80920
- https://erpscan.io/advisories/erpscan-16-003-sap-netweaver-7-4-cryptographic-issues/
- https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/
- https://www.exploit-db.com/exploits/43495/