Memory Corruption vulnerability in SAP CommonCryptoLib
CVE-2023-40308

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Commoncryptolib; SAP Netweaver As Abap, SAP Netweaver As Java And Abap Platform Of S/4hana On-premise; SAP Web Dispatcher; SAP Content Server
Vendor: CVE Published:; 12 September 2023

What is CVE-2023-40308?

The memory corruption vulnerability in SAP's CommonCryptoLib allows an unauthenticated attacker to submit crafted requests to open ports, resulting in a crash of the target component. This vulnerability affects the availability of the service but does not expose any information, allowing for potential denial of service attacks. Protecting against this issue is critical for maintaining operational reliability.

Affected Version(s)

SAP CommonCryptoLib 8

SAP Content Server 6.50

SAP Content Server 7.53

References

https://me.sap.com/notes/3327896

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 12, 2023
Vulnerability Reserved
Aug 14, 2023