CVE-2021-38177

Description

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

SAP_SE / SAP CommonCryptoLib< 8.5.38 or lower – < 8.5.38 or lower

References

MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
MISChttps://launchpad.support.sap.com/#/notes/3051787
MAILING_LISThttp://seclists.org/fulldisclosure/2022/Jan/74
EXPLOIThttp://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html