CVE-2016-4407

2016-10-1314:00:00

mitre

www.cve.org

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

49.1%

JSON

The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.

References

seclists.org/fulldisclosure/2016/Oct/32

www.securityfocus.com/bid/93502

www.onapsis.com/research/security-advisories/sap-missing-signature-check-dsa-algorithm