All the vulnerabilites related to sap - sapseculib
Vulnerability from fkie_nvd
Published
2014-11-04 15:55
Modified
2024-11-21 02:19
Severity ?
Summary
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | commoncryptolib | * | |
| sap | sapcryptolib | * | |
| sap | sapseculib | - | |
| sap | hana | - | |
| sap | netweaver | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:commoncryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C77FFE57-674C-4214-903E-7486310AC087",
"versionEndIncluding": "8.4.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapcryptolib:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1950C115-4304-4A2A-86CD-EC17DACFC313",
"versionEndIncluding": "5.555.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:sapseculib:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E77383EF-3BC3-4CB6-852B-4391310EDAE7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64E722FC-5FEF-4EE2-9A88-5CD4938283F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5007E3B7-3C36-4256-9E01-51C6F52FD0FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
},
{
"lang": "es",
"value": "SAPCRYPTOLIB anterior a 5.555.38, SAPSECULIB, y CommonCryptoLib anterior a 8.4.30, utilizados en SAP NetWeaver AS para ABAP y SAP HANA, permiten a atacantes remotos falsificar firmas Digital Signature Algorithm (DSA) a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2014-8587",
"lastModified": "2024-11-21T02:19:23.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-04T15:55:07.310",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/57606"
},
{
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "http://secunia.com/advisories/57606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201411-0218
Vulnerability from variot
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Multiple SAP products are prone to to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks. The following products are vulnerable: Versions prior to SAP SAPCRYPTOLIB 5.555.38 Versions prior to SAP SAPSECULIB 8.4.30 Versions prior to SAP CommonCryptoLib 8.4.30
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sapseculib",
"scope": "eq",
"trust": 1.6,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": "*"
},
{
"model": "sapcryptolib",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "5.555.37"
},
{
"model": "commoncryptolib",
"scope": "lte",
"trust": 1.0,
"vendor": "sap",
"version": "8.4.29"
},
{
"model": "hana",
"scope": "eq",
"trust": 1.0,
"vendor": "sap",
"version": null
},
{
"model": "commoncryptolib",
"scope": "eq",
"trust": 0.9,
"vendor": "sap",
"version": "8.4.29"
},
{
"model": "commoncryptolib",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "8.4.30"
},
{
"model": "hana",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "netweaver",
"scope": null,
"trust": 0.8,
"vendor": "sap",
"version": null
},
{
"model": "sapcryptolib",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "5.555.38"
},
{
"model": "sapseculib",
"scope": "lt",
"trust": 0.8,
"vendor": "sap",
"version": "8.4.30"
},
{
"model": "sapcrytolib",
"scope": "eq",
"trust": 0.6,
"vendor": "sap",
"version": "5.555.37"
},
{
"model": "sapseculib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "8.4.29"
},
{
"model": "sapseculib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "sapcryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "5.555.37"
},
{
"model": "sapcryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "netweaver abap",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "hana",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "commoncryptolib",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "0"
},
{
"model": "sapseculib",
"scope": "ne",
"trust": 0.3,
"vendor": "sap",
"version": "8.4.30"
},
{
"model": "sapcryptolib",
"scope": "ne",
"trust": 0.3,
"vendor": "sap",
"version": "5.555.38"
},
{
"model": "commoncryptolib",
"scope": "ne",
"trust": 0.3,
"vendor": "sap",
"version": "8.4.30"
}
],
"sources": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:commoncryptolib:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.4.29",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:sapcryptolib:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.555.37",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:sapseculib:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:sap:hana:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:sap:netweaver:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8587"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP",
"sources": [
{
"db": "BID",
"id": "71027"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-8587",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8587",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-043",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Multiple SAP products are prone to to a security vulnerability that may allow attackers to conduct spoofing attacks. \nAn attacker can exploit this issue to conduct spoofing attacks, disclose sensitive information and perform unauthorized actions. This may aid in further attacks. \nThe following products are vulnerable:\nVersions prior to SAP SAPCRYPTOLIB 5.555.38\nVersions prior to SAP SAPSECULIB 8.4.30\nVersions prior to SAP CommonCryptoLib 8.4.30",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "BID",
"id": "71027"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8587",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "57606",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043",
"trust": 0.6
},
{
"db": "BID",
"id": "71027",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"id": "VAR-201411-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.27111164
},
"last_update_date": "2023-12-18T12:38:08.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAP Security Note 2067859",
"trust": 0.8,
"url": "http://scn.sap.com/docs/doc-55451"
},
{
"title": "Potential Exposure to Digital Signature Spoofing #ABAP #Netweaver #SAP Note 2067859 http://ow.ly/CMsqF",
"trust": 0.8,
"url": "https://twitter.com/sap_gsupport/status/522401681997570048"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"trust": 1.9,
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/57606"
},
{
"trust": 1.6,
"url": "https://twitter.com/sap_gsupport/status/522401681997570048"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8587"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8587"
},
{
"trust": 0.3,
"url": "http://www.saphana.com/welcome"
},
{
"trust": 0.3,
"url": "http://scn.sap.com/community/netweaver-portal"
}
],
"sources": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "71027"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "71027"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"date": "2014-11-04T15:55:07.310000",
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-15T00:00:00",
"db": "BID",
"id": "71027"
},
{
"date": "2014-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005218"
},
{
"date": "2023-10-03T15:48:10.677000",
"db": "NVD",
"id": "CVE-2014-8587"
},
{
"date": "2014-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAP NetWeaver AS ABAP and SAP HANA Used in SAPCRYPTOLIB In products such as DSA Vulnerability that is forged as a signature",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005218"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-043"
}
],
"trust": 0.6
}
}
cve-2014-8587
Vulnerability from cvelistv5
Published
2014-11-04 15:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://service.sap.com/sap/support/notes/2067859 | x_refsource_CONFIRM | |
| http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/ | x_refsource_MISC | |
| https://twitter.com/SAP_Gsupport/status/522401681997570048 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/57606 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:25:59.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57606"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-04T15:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57606"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.sap.com/sap/support/notes/2067859",
"refsource": "CONFIRM",
"url": "http://service.sap.com/sap/support/notes/2067859"
},
{
"name": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/",
"refsource": "MISC",
"url": "http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/"
},
{
"name": "https://twitter.com/SAP_Gsupport/status/522401681997570048",
"refsource": "CONFIRM",
"url": "https://twitter.com/SAP_Gsupport/status/522401681997570048"
},
{
"name": "57606",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57606"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8587",
"datePublished": "2014-11-04T15:00:00Z",
"dateReserved": "2014-11-04T00:00:00Z",
"dateUpdated": "2024-09-16T20:17:25.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}