CVE-2014-8587
SAP CommonCryptoLib < 8.4.30 and SAPCryptoLib < 5.555.38 - Digital Signature Spoofing
Title source: llmDescription
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.
References (4)
Core 4
Core References
Broken Link x_refsource_misc
http://blog.onapsis.com/sap-security-note-2067859-potential-exposure-to-digital-signature-spoofing/
Broken Link x_refsource_confirm
https://twitter.com/SAP_Gsupport/status/522401681997570048
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57606
Permissions Required x_refsource_confirm
http://service.sap.com/sap/support/notes/2067859
Scores
EPSS
0.0059
EPSS Percentile
69.2%
Details
CWE
CWE-310
Status
published
Products (5)
sap/commoncryptolib
< 8.4.29
sap/hana
sap/netweaver
sap/sapcryptolib
< 5.555.37
sap/sapseculib
Published
Nov 04, 2014
Tracked Since
Feb 18, 2026