CVE-2016-1910

Published: Jan 15, 2016Modified: May 6, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers to decrypt unspecified data via unknown vectors, aka SAP Security Note 2191290.

Affected (1)

Products: Sap: Netweaver

Sap

1 product

Netweaver

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Netweaver	Version 7.40

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://seclists.org/fulldisclosure/2016/Apr/60

Source: cve@mitre.org

http://www.securityfocus.com/bid/80920

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-16-003-sap-netweaver-7-4-cryptographic-issues/

Source: cve@mitre.org

https://erpscan.io/press-center/blog/sap-security-notes-january-2016-review/

Source: cve@mitre.org

https://www.exploit-db.com/exploits/43495/

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2016/Apr/60