First published: Thu Oct 13 2016
The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
SAP SAPCRYPTOLIB | =5.555.38 | |
CVE-2016-4407 has been rated as high severity due to its potential to allow authenticated users to impersonate other users.
To remediate CVE-2016-4407, update to a version of SAPCRYPTOLIB that includes the security patch addressing this vulnerability.
CVE-2016-4407 affects SAP SAPCRYPTOLIB version 5.555.38.
This vulnerability can be exploited by remote authenticated users because of the improper signature checks.
CVE-2016-4407 allows unauthorized impersonation of users, which can lead to unauthorized access and actions within the system.