Vulnerability Details CVE-2014-8587
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
- http://secunia.com/advisories/57606
- http://service.sap.com/sap/support/notes/2067859
- https://twitter.com/SAP_Gsupport/status/522401681997570048
- http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
- http://secunia.com/advisories/57606
- http://service.sap.com/sap/support/notes/2067859
- https://twitter.com/SAP_Gsupport/status/522401681997570048
Products affected by CVE-2014-8587
-
cpe:2.3:a:sap:commoncryptolib:8.0.0
-
cpe:2.3:a:sap:commoncryptolib:8.4.29
-
cpe:2.3:a:sap:hana:-
-
cpe:2.3:a:sap:netweaver:-
-
cpe:2.3:a:sap:netweaver:2004s
-
cpe:2.3:a:sap:netweaver:4.0
-
cpe:2.3:a:sap:netweaver:6.4
-
cpe:2.3:a:sap:netweaver:600
-
cpe:2.3:a:sap:netweaver:602
-
cpe:2.3:a:sap:netweaver:603
-
cpe:2.3:a:sap:netweaver:604
-
cpe:2.3:a:sap:netweaver:605
-
cpe:2.3:a:sap:netweaver:606
-
cpe:2.3:a:sap:netweaver:617
-
cpe:2.3:a:sap:netweaver:618
-
cpe:2.3:a:sap:netweaver:7.0
-
cpe:2.3:a:sap:netweaver:7.01
-
cpe:2.3:a:sap:netweaver:7.02
-
cpe:2.3:a:sap:netweaver:7.03
-
cpe:2.3:a:sap:netweaver:7.1
-
cpe:2.3:a:sap:netweaver:7.10
-
cpe:2.3:a:sap:netweaver:7.11
-
cpe:2.3:a:sap:netweaver:7.2
-
cpe:2.3:a:sap:netweaver:7.20
-
cpe:2.3:a:sap:netweaver:7.22ext
-
cpe:2.3:a:sap:netweaver:7.3
-
cpe:2.3:a:sap:netweaver:7.30
-
cpe:2.3:a:sap:netweaver:7.31
-
cpe:2.3:a:sap:netweaver:7.4
-
cpe:2.3:a:sap:netweaver:7.40
-
cpe:2.3:a:sap:netweaver:7.41
-
cpe:2.3:a:sap:netweaver:7.49
-
cpe:2.3:a:sap:netweaver:7.5
-
cpe:2.3:a:sap:netweaver:7.50
-
cpe:2.3:a:sap:netweaver:7.51
-
cpe:2.3:a:sap:netweaver:7.52
-
cpe:2.3:a:sap:netweaver:7.53
-
cpe:2.3:a:sap:netweaver:7.77
-
cpe:2.3:a:sap:netweaver:7.81
-
cpe:2.3:a:sap:netweaver:7.85
-
cpe:2.3:a:sap:netweaver:7.86
-
cpe:2.3:a:sap:netweaver:700
-
cpe:2.3:a:sap:netweaver:701
-
cpe:2.3:a:sap:netweaver:702
-
cpe:2.3:a:sap:netweaver:707
-
cpe:2.3:a:sap:netweaver:730
-
cpe:2.3:a:sap:netweaver:731
-
cpe:2.3:a:sap:netweaver:737
-
cpe:2.3:a:sap:netweaver:740
-
cpe:2.3:a:sap:netweaver:7400.12.21.30308
-
cpe:2.3:a:sap:netweaver:747
-
cpe:2.3:a:sap:netweaver:750
-
cpe:2.3:a:sap:netweaver:751
-
cpe:2.3:a:sap:netweaver:752
-
cpe:2.3:a:sap:netweaver:753
-
cpe:2.3:a:sap:netweaver:754
-
cpe:2.3:a:sap:netweaver:755
-
cpe:2.3:a:sap:netweaver:756
-
cpe:2.3:a:sap:netweaver:757
-
cpe:2.3:a:sap:netweaver:800
-
cpe:2.3:a:sap:netweaver:802
-
cpe:2.3:a:sap:netweaver:803
-
cpe:2.3:a:sap:netweaver:804
-
cpe:2.3:a:sap:netweaver:805
-
cpe:2.3:a:sap:netweaver:806
-
cpe:2.3:a:sap:netweaver:807
-
cpe:2.3:a:sap:netweaver:application_server_java
-
cpe:2.3:a:sap:netweaver:kernel_7.22
-
cpe:2.3:a:sap:netweaver:kernel_7.53
-
cpe:2.3:a:sap:netweaver:kernel_7.54
-
cpe:2.3:a:sap:netweaver:krnl64nuc_7.22
-
cpe:2.3:a:sap:netweaver:krnl64nuc_7.22ext
-
cpe:2.3:a:sap:netweaver:krnl64uc_7.22
-
cpe:2.3:a:sap:netweaver:krnl64uc_7.22ext
-
cpe:2.3:a:sap:netweaver:krnl64uc_7.53
-
cpe:2.3:a:sap:netweaver:webdisp_7.22ext
-
cpe:2.3:a:sap:netweaver:webdisp_7.53
-
cpe:2.3:a:sap:netweaver:webdisp_7.54
-
cpe:2.3:a:sap:sapcryptolib:5.555.37
-
cpe:2.3:a:sap:sapseculib:-