2.1.142

CVSS 1.9 - LOW

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

sap

NVD

Published: 2016-12-14

Updated: 2021-09-08

Summary

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Download Manager 1.1.3.0 SAP Download Manager 2.1.142	2
OS	Microsoft Microsoft Windows -	1
OS	Apple Apple Macos -	1

References

http://packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.html
http://seclists.org/fulldisclosure/2016/Mar/20
http://www.coresecurity.com/advisories/sap-download-manager-password-weak-encryption
http://www.securityfocus.com/archive/1/537746/100/0/threaded