Vulnerability Details CVE-2016-4407
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://seclists.org/fulldisclosure/2016/Oct/32
- http://www.securityfocus.com/bid/93502
- https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm
- http://seclists.org/fulldisclosure/2016/Oct/32
- http://www.securityfocus.com/bid/93502
- https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm
Products affected by CVE-2016-4407
-
cpe:2.3:a:sap:sapcryptolib:5.555.38