PT-2019-4347 · Legion Of The Bouncy Castle+1 · Bouncy Castle+1

Publicado

2019-10-08

Atualizado

2021-07-21

CVE-2019-0379

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP Process Integration, business-to-business add-on, versions 1.0 through 2.0

Description The issue is related to insufficient authentication check, which can be exploited by a remote attacker to impact the integrity of protected information. This occurs when the default security provider is changed to BouncyCastle (BC), leading to a missing authentication check.

Recommendations For versions 1.0 through 2.0, consider changing the default security provider back to its original setting or apply additional authentication checks to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Insufficient Verification of Data Authenticity

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-306CWE-345

Identificadores relacionados

BDU:2020-00067

CVE-2019-0379

Produtos afetados

Bouncy Castle

Sap Process Integration

PT-2019-4347 · Legion Of The Bouncy Castle+1 · Bouncy Castle+1

CVE-2019-0379

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5