CVE-2014-8587

Description

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

Related CPE's

asapsapseculib-*******

asapcommoncryptolib********

asapsapcrytolib********

asapnetweaver********

asaphana-*******

References

http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/

https://twitter.com/SAP_Gsupport/status/522401681997570048

http://service.sap.com/sap/support/notes/2067859

57606

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io