SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
References
| Link | Resource |
|---|---|
| http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/ | Broken Link |
| http://secunia.com/advisories/57606 | Not Applicable |
| http://service.sap.com/sap/support/notes/2067859 | Permissions Required |
| https://twitter.com/SAP_Gsupport/status/522401681997570048 | Broken Link |
Configurations
Configuration 1 (hide)
| AND |
|
History
03 Oct 2023, 15:48
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) http://service.sap.com/sap/support/notes/2067859 - Permissions Required | |
| References | (MISC) http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/ - Broken Link | |
| References | (SECUNIA) http://secunia.com/advisories/57606 - Not Applicable | |
| References | (CONFIRM) https://twitter.com/SAP_Gsupport/status/522401681997570048 - Broken Link | |
| First Time |
Sap sapcryptolib
|
|
| CPE | cpe:2.3:a:sap:sapcryptolib:*:*:*:*:*:*:*:* |
Information
Published : 2014-11-04 15:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-8587
Mitre link : CVE-2014-8587
CVE.ORG link : CVE-2014-8587
JSON object : View
Products Affected
sap
- commoncryptolib
- netweaver
- hana
- sapseculib
- sapcryptolib
CWE
CWE-310
Cryptographic Issues