PT-2014-8634 · Sap · Sapcryptolib+4

Publicado

2014-11-04

Atualizado

2023-10-03

CVE-2014-8587

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SAPCRYPTOLIB versions prior to 5.555.38 SAPSECULIB (affected versions not specified) CommonCryptoLib versions prior to 8.4.30

Description The issue allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. This affects SAP NetWeaver AS for ABAP and SAP HANA.

Recommendations For SAPCRYPTOLIB versions prior to 5.555.38, update to version 5.555.38 or later. For SAPSECULIB, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For CommonCryptoLib versions prior to 8.4.30, update to version 8.4.30 or later.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

CVE-2014-8587

Produtos afetados

Commoncryptolib

Sap Hana

Sap Netweaver As Abap

Sapcryptolib

Sapseculib

PT-2014-8634 · Sap · Sapcryptolib+4

CVE-2014-8587

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6