SQL Injection Vulnerability in getUserUddiElements Method in SAP NetWeaver AS Java 7.4

SQL Injection Vulnerability in getUserUddiElements Method in SAP NetWeaver AS Java 7.4

CVE-2017-7717 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.

Learn more about our User Device Pen Test.