Vulnerability Description
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Commoncryptolib | <= 8.4.29 |
| Sap | Sapcryptolib | <= 5.555.37 |
| Sap | Sapseculib | - |
| Sap | Hana | - |
| Sap | Netweaver | All versions |
Related Weaknesses (CWE)
References
- http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-Broken Link
- http://secunia.com/advisories/57606Not Applicable
- http://service.sap.com/sap/support/notes/2067859Permissions Required
- https://twitter.com/SAP_Gsupport/status/522401681997570048Broken Link
- http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-Broken Link
- http://secunia.com/advisories/57606Not Applicable
- http://service.sap.com/sap/support/notes/2067859Permissions Required
- https://twitter.com/SAP_Gsupport/status/522401681997570048Broken Link
FAQ
What is CVE-2014-8587?
CVE-2014-8587 is a vulnerability with a CVSS score of 7.5 (HIGH). SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signa...
How severe is CVE-2014-8587?
CVE-2014-8587 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8587?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Commoncryptolib, Sap Sapcryptolib, Sap Sapseculib, Sap Hana, Sap Netweaver.