CVE-2014-8587

SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/	Broken Link
http://secunia.com/advisories/57606	Not Applicable
http://service.sap.com/sap/support/notes/2067859	Permissions Required
https://twitter.com/SAP_Gsupport/status/522401681997570048	Broken Link

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:sap:commoncryptolib::::::::
	cpe:2.3:a:sap:sapcryptolib::::::::
	cpe:2.3:a:sap:sapseculib:-:::::::*

OR	cpe:2.3:a:sap:hana:-:::::::*
	cpe:2.3:a:sap:netweaver::::::::

History

03 Oct 2023, 15:48

Type	Values Removed	Values Added
References	~~(SECUNIA) http://secunia.com/advisories/57606 -~~	(SECUNIA) http://secunia.com/advisories/57606 - Not Applicable
References	~~(MISC) http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/ -~~	(MISC) http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/ - Broken Link
References	~~(CONFIRM) http://service.sap.com/sap/support/notes/2067859 -~~	(CONFIRM) http://service.sap.com/sap/support/notes/2067859 - Permissions Required
References	~~(CONFIRM) https://twitter.com/SAP_Gsupport/status/522401681997570048 -~~	(CONFIRM) https://twitter.com/SAP_Gsupport/status/522401681997570048 - Broken Link
First Time		Sap sapcryptolib
CPE	cpe:2.3:a:sap:sapcrytolib::::::::	cpe:2.3:a:sap:sapcryptolib::::::::

Information

Published : 2014-11-04 15:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-8587

Mitre link : CVE-2014-8587

CVE.ORG link : CVE-2014-8587

JSON object : View

Products Affected

sap

sapcryptolib
hana
sapseculib
commoncryptolib
netweaver

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2014-8587", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-04T15:55:07.310", "references": [{"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/57606", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://service.sap.com/sap/support/notes/2067859", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."}, {"lang": "es", "value": "SAPCRYPTOLIB anterior a 5.555.38, SAPSECULIB, y CommonCryptoLib anterior a 8.4.30, utilizados en SAP NetWeaver AS para ABAP y SAP HANA, permiten a atacantes remotos falsificar firmas Digital Signature Algorithm (DSA) a trav\u00e9s de vectores no especificados."}], "lastModified": "2023-10-03T15:48:10.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:commoncryptolib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C77FFE57-674C-4214-903E-7486310AC087", "versionEndIncluding": "8.4.29"}, {"criteria": "cpe:2.3:a:sap:sapcryptolib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1950C115-4304-4A2A-86CD-EC17DACFC313", "versionEndIncluding": "5.555.37"}, {"criteria": "cpe:2.3:a:sap:sapseculib:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E77383EF-3BC3-4CB6-852B-4391310EDAE7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64E722FC-5FEF-4EE2-9A88-5CD4938283F1"}, {"criteria": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5007E3B7-3C36-4256-9E01-51C6F52FD0FF"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}