Medium severity4.7NVD Advisory· Published Dec 14, 2016· Updated Jun 17, 2026
CVE-2016-3685
CVE-2016-3685
Description
SAP Download Manager 2.1.142 and earlier generates an encryption key from a small key space on Windows and Mac systems, which allows context-dependent attackers to obtain sensitive configuration information by leveraging knowledge of a hardcoded key in the program code and a computer BIOS serial number, aka SAP Security Note 2282338.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:sap:download_manager:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sap:download_manager:*:*:*:*:*:*:*:*range: <=2.1.142
- (no CPE)range: <=2.1.142
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/136172/SAP-Download-Manager-2.1.142-Weak-Encryption.htmlnvdExploitTechnical DescriptionThird Party Advisory
- www.coresecurity.com/advisories/sap-download-manager-password-weak-encryptionnvdExploitTechnical DescriptionThird Party Advisory
- seclists.org/fulldisclosure/2016/Mar/20nvdThird Party Advisory
- www.securityfocus.com/archive/1/537746/100/0/threadednvd
News mentions
0No linked articles in our index yet.