Null Pointer Dereference Vulnerability in SAP CommonCryptoLib
CVE-2021-38177

7.5HIGH

Key Information:

Vendor

SAP
Status
SAP Commoncryptolib
Vendor
CVE Published:
14 September 2021

What is CVE-2021-38177?

SAP CommonCryptoLib versions 8.5.38 and earlier are susceptible to a null pointer dereference when an unauthenticated attacker sends specially crafted malicious HTTP requests. This vulnerability can lead to the crashing of the SAP application, severely affecting the system’s availability and potentially disrupting services reliant on SAP.

Affected Version(s)

SAP CommonCryptoLib < 8.5.38 or lower

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/3051787
x_refsource_MISC
http://seclists.org/fulldisclosure/2022/Jan/74
mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.