CVE-2015-8329

SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html	Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2016/Feb/68
https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:manufacturing_integration_and_intelligence:12.2:::::::*
	cpe:2.3:a:sap:manufacturing_integration_and_intelligence:14.0:::::::*
	cpe:2.3:a:sap:manufacturing_integration_and_intelligence:15.0:::::::*

History

No history.

Information

Published : 2015-11-24 20:59

Updated : 2024-02-04 18:53

NVD link : CVE-2015-8329

Mitre link : CVE-2015-8329

CVE.ORG link : CVE-2015-8329

JSON object : View

Products Affected

sap

manufacturing_integration_and_intelligence

CWE

CWE-310

Cryptographic Issues

{"id": "CVE-2015-8329", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-11-24T20:59:24.757", "references": [{"url": "http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2016/Feb/68", "source": "cve@mitre.org"}, {"url": "https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-310"}]}], "descriptions": [{"lang": "en", "value": "SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274."}, {"lang": "es", "value": "SAP Manufacturing Integration and Intelligence (tambi\u00e9n conocida como MII, anteriormente xMII), utiliza un cifrado d\u00e9bil (Base64 y DES),lo que permite a atacantes llevar a cabo ataques de bajada de versi\u00f3n y descifrar contrase\u00f1as a trav\u00e9s de vectores no especificados, tambi\u00e9n conocida como SAP Security Note 2240274."}], "lastModified": "2018-12-10T19:29:12.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:manufacturing_integration_and_intelligence:12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1273F8D1-D4F4-4D73-B068-FC83053D1436"}, {"criteria": "cpe:2.3:a:sap:manufacturing_integration_and_intelligence:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADCD48D2-4E00-4544-8846-DC45AD748342"}, {"criteria": "cpe:2.3:a:sap:manufacturing_integration_and_intelligence:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E49597EA-582C-4F2C-8D30-760620BA9FA6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}