CVE-2015-8329

CWE-3103 documents3 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 64.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP Manufacturing Integration AND Intelligence

Timeline

PublishedNov 24

Latest updateMay 14

Description

SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDsap/manufacturing_integration_and_intelligence12.2, 14.0, 15.0+2

🔴Vulnerability Details

GHSA

GHSA-mjfw-3cv2-84gf: SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downg↗2022-05-14

▶

CVEList

CVE-2015-8329: SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downg↗2015-11-24

▶