CVE-2014-8587

EUVD-2014-8424
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
sapcommoncryptolib
𝑥
≤ 8.4.29
sapsapcryptolib
𝑥
≤ 5.555.37
sapsapseculib
-
saphana
-
sapnetweaver
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
http://secunia.com/advisories/57606
http://service.sap.com/sap/support/notes/2067859
https://twitter.com/SAP_Gsupport/status/522401681997570048
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
http://secunia.com/advisories/57606
http://service.sap.com/sap/support/notes/2067859
https://twitter.com/SAP_Gsupport/status/522401681997570048