CVE-2016-3685

4.7MEDIUM

Key Information:

Vendor
SAP
Status
Download Manager
Vendor
CVE Published:
14 December 2016

Summary

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.

References

http://www.securityfocus.com/archive/1/537746/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.coresecurity.com/advisories/sap-download-manag...
x_refsource_MISC
http://packetstormsecurity.com/files/136172/SAP-Download-...
x_refsource_MISC

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.