Vulnerabilities > CVE-2016-3684 - Unspecified vulnerability in SAP Download Manager 1.1.3.0/2.1.142

047910
CVSS 4.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
local
high complexity
sap

Summary

SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption key to protect stored data, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of this key, aka SAP Security Note 2282338.

Vulnerable Configurations

Part Description Count
Application
Sap
2
OS
Apple
1
OS
Microsoft
1