CVE-2016-4407

Published: Oct 13, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.

Affected (1)

Products: Sap: Sapcryptolib

Sap

1 product

Sapcryptolib

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Sapcryptolib	Version 5.555.38

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

http://seclists.org/fulldisclosure/2016/Oct/32

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/93502

Source: cve@mitre.org

https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm

Source: cve@mitre.org

Permissions Required

http://seclists.org/fulldisclosure/2016/Oct/32

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/93502

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

Timeline

No history available yet.