Vulnerability Description
SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Manufacturing Integration And Intelligence | 12.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Feb/68
- https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/
- http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Third Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Feb/68
- https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/
FAQ
What is CVE-2015-8329?
CVE-2015-8329 is a vulnerability with a CVSS score of 5.0 (MEDIUM). SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified...
How severe is CVE-2015-8329?
CVE-2015-8329 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8329?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Manufacturing Integration And Intelligence.