CVE-2016-2388 - Vulnerability Details - OpenCVE

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is in the KEV database since June 9, 2022.

The EPSS score is 0.4794.

Exploitation active

Automatable yes

Technical Impact partial

Vendors	Products
Sap	Netweaver Application Server Java

Configuration 1 [-]

cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html
http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html
http://seclists.org/fulldisclosure/2016/May/55
https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/
https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/
https://www.exploit-db.com/exploits/39841/
https://www.exploit-db.com/exploits/43495/

History

Tue, 04 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-06-09'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-02-16T15:00:00.000Z

Updated: 2025-07-30T01:46:40.409Z

Reserved: 2016-02-16T00:00:00.000Z

Link: CVE-2016-2388

Vulnrichment

Updated: 2024-08-05T23:24:49.339Z

NVD

Status : Deferred

Published: 2016-02-16T15:59:02.103

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-2388

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-27T13:14:53.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2016/May/55"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html"}, {"tags": ["x_refsource_MISC"], "url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/"}, {"tags": ["x_refsource_MISC"], "url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"}, {"name": "39841", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/39841/"}, {"name": "43495", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/43495/"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2388", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2016/May/55"}, {"name": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html"}, {"name": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/", "refsource": "MISC", "url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/"}, {"name": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", "refsource": "MISC", "url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"}, {"name": "39841", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/39841/"}, {"name": "43495", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/43495/"}, {"name": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:49.339Z"}, "title": "CVE Program Container", "references": [{"name": "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2016/May/55"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"}, {"name": "39841", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/39841/"}, {"name": "43495", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/43495/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-2388", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-04T20:59:47.982679Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-06-09", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-2388"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "timeline": [{"time": "2022-06-09T00:00:00+00:00", "lang": "en", "value": "CVE-2016-2388 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-30T01:46:40.409Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2388", "datePublished": "2016-02-16T15:00:00.000Z", "dateReserved": "2016-02-16T00:00:00.000Z", "dateUpdated": "2025-07-30T01:46:40.409Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://seclists.org/fulldisclosure/2016/May/55", "name": "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/39841/", "name": "39841", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/43495/", "name": "43495", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T23:24:49.339Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2016-2388", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-02-04T20:59:47.982679Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-06-09", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-2388"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T20:59:52.591Z"}, "timeline": [{"lang": "en", "time": "2022-06-09T00:00:00+00:00", "value": "CVE-2016-2388 added to CISA KEV"}]}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-02-10T00:00:00.000Z", "references": [{"url": "http://seclists.org/fulldisclosure/2016/May/55", "name": "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", "tags": ["x_refsource_MISC"]}, {"url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/", "tags": ["x_refsource_MISC"]}, {"url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", "tags": ["x_refsource_MISC"]}, {"url": "https://www.exploit-db.com/exploits/39841/", "name": "39841", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "https://www.exploit-db.com/exploits/43495/", "name": "43495", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2021-04-27T13:14:53.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://seclists.org/fulldisclosure/2016/May/55", "name": "20160523 [ERPSCAN-16-010] SAP NetWeaver AS JAVA - information disclosure vulnerability", "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", "name": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html", "refsource": "MISC"}, {"url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/", "name": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/", "refsource": "MISC"}, {"url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", "name": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/", "refsource": "MISC"}, {"url": "https://www.exploit-db.com/exploits/39841/", "name": "39841", "refsource": "EXPLOIT-DB"}, {"url": "https://www.exploit-db.com/exploits/43495/", "name": "43495", "refsource": "EXPLOIT-DB"}, {"url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html", "name": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-2388", "STATE": "PUBLIC", "ASSIGNER": "cve@mitre.org"}}}}, "cveMetadata": {"cveId": "CVE-2016-2388", "state": "PUBLISHED", "dateUpdated": "2025-07-28T19:45:20.657Z", "dateReserved": "2016-02-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2016-02-16T15:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-06-30", "cisaExploitAdd": "2022-06-09", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "SAP NetWeaver Information Disclosure Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:*", "matchCriteriaId": "70F75AAE-5A52-4B9A-B8E8-8E1BE573B21D", "versionEndIncluding": "7.50", "versionStartIncluding": "7.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."}, {"lang": "es", "value": "El Universal Worklist Configuration en SAP NetWeaver AS JAVA 7.4 permite a los atacantes remotos obtener informaci\u00f3n sensible de los usuarios a trav\u00e9s de una solicitud HTTP manipulada, tambi\u00e9n conocida como SAP Security Note 2256846"}], "id": "CVE-2016-2388", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2016-02-16T15:59:02.103", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/May/55"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "Broken Link"], "url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "Broken Link"], "url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39841/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43495/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/137128/SAP-NetWeaver-AS-JAVA-7.5-Information-Disclosure.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2016/May/55"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Broken Link"], "url": "https://erpscan.io/advisories/erpscan-16-010-sap-netweaver-7-4-information-disclosure/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Broken Link"], "url": "https://erpscan.io/press-center/blog/sap-security-notes-february-2016-review/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39841/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43495/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}