PT-2014-8634 · Sap · Sapcryptolib+4

Published

2014-11-04

Updated

2023-10-03

CVE-2014-8587

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SAPCRYPTOLIB versions prior to 5.555.38 SAPSECULIB (affected versions not specified) CommonCryptoLib versions prior to 8.4.30

Description The issue allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. This affects SAP NetWeaver AS for ABAP and SAP HANA.

Recommendations For SAPCRYPTOLIB versions prior to 5.555.38, update to version 5.555.38 or later. For SAPSECULIB, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For CommonCryptoLib versions prior to 8.4.30, update to version 8.4.30 or later.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2014-8587

Affected Products

Commoncryptolib

Sap Hana

Sap Netweaver As Abap

Sapcryptolib

Sapseculib

PT-2014-8634 · Sap · Sapcryptolib+4

CVE-2014-8587

Weakness Enumeration

Related Identifiers

Affected Products

References · 6