Spoofing Vulnerability in SAP NetWeaver AS for ABAP and SAP HANA
CVE-2014-8587

Currently unrated

Key Information:

Vendor: SAP
Status: Commoncryptolib; SAPcryptolib; SAPseculib; Hana
Vendor: CVE Published:; 4 November 2014

Summary

A vulnerability in SAPCRYPTOLIB, SAPSECULIB, and CommonCryptoLib allows attackers to spoof Digital Signature Algorithm (DSA) signatures used within SAP NetWeaver AS for ABAP and SAP HANA. This could compromise data integrity by allowing unauthorized actions to be performed under the guise of legitimate digital signatures. Users and organizations utilizing these affected SAP products should ensure they are on supported versions to mitigate the risk associated with this vulnerability.

References

http://service.sap.com/sap/support/notes/2067859

x_refsource_CONFIRM

http://blog.onapsis.com/sap-security-note-2067859-potenti...

x_refsource_MISC

https://twitter.com/SAP_Gsupport/status/522401681997570048

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 4, 2014