CVE-2021-38177

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Commoncryptolib
Vendor: CVE Published:; 14 September 2021

Summary

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.

Affected Version(s)

SAP CommonCryptoLib < 8.5.38 or lower

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3051787

x_refsource_MISC

http://seclists.org/fulldisclosure/2022/Jan/74

mailing-listx_refsource_FULLDISC

EPSS Score

4% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 14, 2021
Vulnerability Reserved
Aug 7, 2021

.