All the vulnerabilites related to sap - sapcryptolib
cve-2014-8587
Vulnerability from cvelistv5
Published
2014-11-04 15:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.sap.com/sap/support/notes/2067859 | x_refsource_CONFIRM | |
| http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/ | x_refsource_MISC | |
| https://twitter.com/SAP_Gsupport/status/522401681997570048 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/57606 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:25:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/2067859",
"refsource": "CONFIRM",
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"name": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"name": "https://twitter.com/SAP_Gsupport/status/522401681997570048",
"refsource": "CONFIRM",
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8587",
"datePublished": "2014-11-04T15:00:00Z",
"dateReserved": "2014-11-04T00:00:00Z",
"dateUpdated": "2024-09-16T20:17:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-4407
Vulnerability from cvelistv5
Published
2016-10-13 14:00
Modified
2024-08-06 00:25
Severity ?
EPSS score ?
Summary
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/93502 | vdb-entry, x_refsource_BID | |
| http://seclists.org/fulldisclosure/2016/Oct/32 | mailing-list, x_refsource_FULLDISC | |
| https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:25:14.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93502"
},
{
"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2016/Oct/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "93502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93502"
},
{
"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2016/Oct/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-4407",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93502"
},
{
"name": "20161011 Onapsis Security Advisory ONAPSIS-2016-029: SAP Missing Signature Check in DSA Algorithm",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2016/Oct/32"
},
{
"name": "https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm",
"refsource": "MISC",
"url": "https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-4407",
"datePublished": "2016-10-13T14:00:00",
"dateReserved": "2016-04-29T00:00:00",
"dateUpdated": "2024-08-06T00:25:14.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2016-10-13 14:59
Modified
2024-11-21 02:52
Severity ?
Summary
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | sapcryptolib | 5.555.38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:sapcryptolib:5.555.38:*:*:*:*:*:*:*",
"matchCriteriaId": "61194C87-D116-4822-A83E-FB3B5930A497",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008."
},
{
"lang": "es",
"value": "El algoritmo de implementaci\u00f3n DSA en SAP SAPCRYPTOLIB 5.555.38 no comprueba adecuadamente las firmas, lo que permite a usuarios remotos autenticados imitar usuarios arbitrarios a trav\u00e9s de vectores no especificados, vulnerabilidad tambi\u00e9n conocida como SAP Security Note 2223008."
}
],
"id": "CVE-2016-4407",
"lastModified": "2024-11-21T02:52:04.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-13T14:59:06.190",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Oct/32"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/93502"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2016/Oct/32"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/93502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-11-04 15:55
Modified
2024-11-21 02:19
Severity ?
Summary
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | commoncryptolib | * | |
| sap | sapcryptolib | * | |
| sap | sapseculib | - | |
| sap | hana | - | |
| sap | netweaver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:commoncryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C77FFE57-674C-4214-903E-7486310AC087",
"versionEndIncluding": "8.4.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapcryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1950C115-4304-4A2A-86CD-EC17DACFC313",
"versionEndIncluding": "5.555.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapseculib:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E77383EF-3BC3-4CB6-852B-4391310EDAE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64E722FC-5FEF-4EE2-9A88-5CD4938283F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5007E3B7-3C36-4256-9E01-51C6F52FD0FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
},
{
"lang": "es",
"value": "SAPCRYPTOLIB anterior a 5.555.38, SAPSECULIB, y CommonCryptoLib anterior a 8.4.30, utilizados en SAP NetWeaver AS para ABAP y SAP HANA, permiten a atacantes remotos falsificar firmas Digital Signature Algorithm (DSA) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8587",
"lastModified": "2024-11-21T02:19:23.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-04T15:55:07.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/57606"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/57606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201411-0218
Vulnerability from variot
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Multiple SAP products are prone to to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks. The following products are vulnerable: Versions prior to SAP SAPCRYPTOLIB 5.555.38 Versions prior to SAP SAPSECULIB 8.4.30 Versions prior to SAP CommonCryptoLib 8.4.30
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sapseculib",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "*"
},
{
"model": "sapcryptolib",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "5.555.37"
},
{
"model": "commoncryptolib",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "8.4.29"
},
{
"model": "hana",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": null
},
{
"model": "commoncryptolib",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "8.4.29"
},
{
"model": "commoncryptolib",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "8.4.30"
},
{
"model": "hana",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "sapcryptolib",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "5.555.38"
},
{
"model": "sapseculib",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "8.4.30"
},
{
"model": "sapcrytolib",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "5.555.37"
},
{
"model": "sapseculib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "8.4.29"
},
{
"model": "sapseculib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "sapcryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "5.555.37"
},
{
"model": "sapcryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "hana",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "commoncryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "sapseculib",
"scope": "ne",
"trust": 0.3,
"vendor": "sap",
"version": "8.4.30"
},
{
"model": "sapcryptolib",
"scope": "ne",
"trust": 0.3,
"vendor": "sap",
"version": "5.555.38"
},
{
"model": "commoncryptolib",
"scope": "ne",
"trust": 0.3,
"vendor": "sap",
"version": "8.4.30"
}
],
"sources": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:commoncryptolib:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.29",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:sapcryptolib:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.555.37",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:sapseculib:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8587"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP",
"sources": [
{
"db": "BID",
"id": "71027"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8587",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8587",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-043",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Multiple SAP products are prone to to a security vulnerability that may allow attackers to conduct spoofing attacks. \nAn attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks. \nThe following products are vulnerable:\nVersions prior to SAP SAPCRYPTOLIB 5.555.38\nVersions prior to SAP SAPSECULIB 8.4.30\nVersions prior to SAP CommonCryptoLib 8.4.30",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "BID",
"id": "71027"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8587",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "57606",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043",
"trust": 0.6
},
{
"db": "BID",
"id": "71027",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"id": "VAR-201411-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27111164
},
"last_update_date": "2023-12-18T12:38:08.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 2067859",
"trust": 0.8,
"url": "http://scn.sap.com/docs/doc-55451"
},
{
"title": "Potential Exposure to Digital Signature Spoofing #ABAP #Netweaver #SAP Note 2067859 http://ow.ly/CMsqF",
"trust": 0.8,
"url": "https://twitter.com/sap_gsupport/status/522401681997570048"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"trust": 1.9,
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/57606"
},
{
"trust": 1.6,
"url": "https://twitter.com/sap_gsupport/status/522401681997570048"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8587"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8587"
},
{
"trust": 0.3,
"url": "http://www.saphana.com/welcome"
},
{
"trust": 0.3,
"url": "http://scn.sap.com/community/netweaver-portal"
}
],
"sources": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "71027"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"date": "2014-11-04T15:55:07.310000",
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "71027"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"date": "2023-10-03T15:48:10.677000",
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP and SAP HANA Used in SAPCRYPTOLIB In products such as DSA Vulnerability that is forged as a signature",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
],
"trust": 0.6
}
}