Weak Encryption in SAP Download Manager Affects Multiple Platforms
CVE-2016-3685
4.7 MEDIUM
What is CVE-2016-3685?
SAP Download Manager prior to version 2.1.143 generates its encryption key from a limited key space on Windows and Mac systems. An attacker who knows both the hardcoded key embedded in the application's code and the computer's BIOS serial number can access sensitive configuration information. This could lead to unauthorized data exposure and impact the integrity of SAP's security measures.