CVE-2015-8329

SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/68
https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:manufacturing_integration_and_intelligence:12.2:::::::*
	cpe:2.3:a:sap:manufacturing_integration_and_intelligence:15.0:::::::*
	cpe:2.3:a:sap:manufacturing_integration_and_intelligence:14.0:::::::*

Information

Published : 2015-11-24 12:59

Updated : 2018-12-10 11:29

NVD link : CVE-2015-8329

Mitre link : CVE-2015-8329

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

sap

manufacturing_integration_and_intelligence

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html", "name": "http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2016/Feb/68", "name": "20160212 [ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability", "tags": [], "refsource": "FULLDISC"}, {"url": "https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/", "name": "https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-8329", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-11-24T20:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sap:manufacturing_integration_and_intelligence:12.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:manufacturing_integration_and_intelligence:15.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sap:manufacturing_integration_and_intelligence:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-12-10T19:29Z"}

5.0 /10