Vulnerability CVE-2014-8587


Published: 2014-11-04

Description:
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software:
SAP -> Commoncryptolib
SAP -> HANA
SAP -> Netweaver
SAP -> Sapcryptolib
SAP -> Sapseculib

References:
https://twitter.com/SAP_Gsupport/status/522401681997570048
http://service.sap.com/sap/support/notes/2067859
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/

Copyright 2020, cxsecurity.com

 
