CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
sapcommoncryptolib
𝑥
≤ 8.4.29
sapsapcryptolib
𝑥
≤ 5.555.37
sapsapseculib
-
saphana
-
sapnetweaver
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
http://secunia.com/advisories/57606
http://service.sap.com/sap/support/notes/2067859
https://twitter.com/SAP_Gsupport/status/522401681997570048
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
http://secunia.com/advisories/57606
http://service.sap.com/sap/support/notes/2067859
https://twitter.com/SAP_Gsupport/status/522401681997570048