CVE-2016-3685

Опубликовано: 14 дек. 2016

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.

Ссылки

http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html
Exploit
Technical Description
Third Party Advisory
http://seclists.org/fulldisclosure/2016/Mar/20
Third Party Advisory
http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/archive/1/537746/100/0/threaded
http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html
Exploit
Technical Description
Third Party Advisory
http://seclists.org/fulldisclosure/2016/Mar/20
Third Party Advisory
http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption
Exploit
Technical Description
Third Party Advisory
http://www.securityfocus.com/archive/1/537746/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:sap:download_manager:*:*:*:*:*:*:*:*

Версия до 2.1.142 (включая)

Одно из

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 13%

0.00044

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-255

Связанные уязвимости

GHSA-m67w-v6pq-c7w8