Vulnerability Details : CVE-2015-8329
SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.
Products affected by CVE-2015-8329
- cpe:2.3:a:sap:manufacturing_integration_and_intelligence:12.2:*:*:*:*:*:*:*
- cpe:2.3:a:sap:manufacturing_integration_and_intelligence:15.0:*:*:*:*:*:*:*
- cpe:2.3:a:sap:manufacturing_integration_and_intelligence:14.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-8329
- 0.25%: Probability of exploitation activity in the next 30 days
- ~ 64 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8329
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-8329
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-8329
- https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/
  [ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability
- http://seclists.org/fulldisclosure/2016/Feb/68
  Full Disclosure: [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability
- http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html
  SAP MII 12.2 / 14.0 / 15.0 Cryptography Issues ≈ Packet Storm (Third Party Advisory; VDB Entry)