PT-2019-4347 · Legion Of The Bouncy Castle+1 · Bouncy Castle+1

Published

2019-10-08

Updated

2021-07-21

CVE-2019-0379

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP Process Integration, business-to-business add-on, versions 1.0 through 2.0

Description The issue is related to insufficient authentication check, which can be exploited by a remote attacker to impact the integrity of protected information. This occurs when the default security provider is changed to BouncyCastle (BC), leading to a missing authentication check.

Recommendations For versions 1.0 through 2.0, consider changing the default security provider back to its original setting or apply additional authentication checks to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authentication

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306CWE-345

Related Identifiers

BDU:2020-00067

CVE-2019-0379

Affected Products

Bouncy Castle

Sap Process Integration

PT-2019-4347 · Legion Of The Bouncy Castle+1 · Bouncy Castle+1

CVE-2019-0379

Weakness Enumeration

Related Identifiers

Affected Products

References · 5