{"api_version":"1","generated_at":"2026-07-07T19:44:42+00:00","cve":"CVE-2015-8329","urls":{"html":"https://cve.report/CVE-2015-8329","api":"https://cve.report/api/cve/CVE-2015-8329.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-8329","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-8329"},"summary":{"title":"CVE-2015-8329","description":"SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.","state":"PUBLISHED","assigner":"mitre","published_at":"2015-11-24 20:59:24","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-310","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/","name":"https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2016/Feb/68","name":"http://seclists.org/fulldisclosure/2016/Feb/68","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Full Disclosure: [ERPSCAN-15-031] SAP MII – Encryption Downgrade vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html","name":"http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"SAP MII 12.2 / 14.0 / 15.0 Cryptography Issues ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-8329","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-8329","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"8329","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"manufacturing_integration_and_intelligence","cpe6":"12.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8329","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"manufacturing_integration_and_intelligence","cpe6":"14.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"8329","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sap","cpe5":"manufacturing_integration_and_intelligence","cpe6":"15.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T08:13:32.279Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html"},{"name":"20160212 [ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability","tags":["mailing-list","x_refsource_FULLDISC","x_transferred"],"url":"http://seclists.org/fulldisclosure/2016/Feb/68"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-11-20T00:00:00.000Z","descriptions":[{"lang":"en","value":"SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-12-10T17:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_MISC"],"url":"https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html"},{"name":"20160212 [ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability","tags":["mailing-list","x_refsource_FULLDISC"],"url":"http://seclists.org/fulldisclosure/2016/Feb/68"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2015-8329","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/","refsource":"MISC","url":"https://erpscan.io/advisories/erpscan-15-031-using-base64-and-des-in-sap-mii/"},{"name":"http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/135761/SAP-MII-12.2-14.0-15.0-Cryptography-Issues.html"},{"name":"20160212 [ERPSCAN-15-031] SAP MII - Encryption Downgrade vulnerability","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2016/Feb/68"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2015-8329","datePublished":"2015-11-24T20:00:00.000Z","dateReserved":"2015-11-24T00:00:00.000Z","dateUpdated":"2024-08-06T08:13:32.279Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-11-24 20:59:24","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-310","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:manufacturing_integration_and_intelligence:12.2:*:*:*:*:*:*:*","matchCriteriaId":"1273F8D1-D4F4-4D73-B068-FC83053D1436"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:manufacturing_integration_and_intelligence:14.0:*:*:*:*:*:*:*","matchCriteriaId":"ADCD48D2-4E00-4544-8846-DC45AD748342"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:manufacturing_integration_and_intelligence:15.0:*:*:*:*:*:*:*","matchCriteriaId":"E49597EA-582C-4F2C-8D30-760620BA9FA6"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"8329","Ordinal":"1","Title":"CVE-2015-8329","CVE":"CVE-2015-8329","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"8329","Ordinal":"1","NoteData":"SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecified vectors, aka SAP Security Note 2240274.","Type":"Description","Title":"CVE-2015-8329"},{"CveYear":"2015","CveId":"8329","Ordinal":"2","NoteData":"2015-11-24","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"8329","Ordinal":"3","NoteData":"2018-12-10","Type":"Other","Title":"Modified"}]}}}