NVD disclosure day

Published threat advisories for February 16, 2016

CVE advisory | Known Exploit

CVE-2016-2388

SAP NetWeaver Information Disclosure Advisory.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

The Universal Worklist Configuration in SAP NetWeaver AS JAVA allows remote attackers to obtain sensitive user information via a crafted HTTP request. This exposes confidential user data, posing a business risk. Organizations should identify affected systems and apply vendor security updates.

• CISA KEV

CVE advisory | Known Exploit

CVE-2016-0752

Ruby on Rails File Reading Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A directory traversal vulnerability in Ruby on Rails allows remote attackers to read arbitrary files by exploiting the render method. This impacts organizations using affected Ruby on Rails versions, potentially exposing sensitive data and posing a business risk.

• CISA KEV