CVE-2021-38177 Information

Description

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network this causes the SAP application to crash and has high impact on the availability of the SAP system.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405 https://launchpad.support.sap.com/#/notes/3051787 http://seclists.org/fulldisclosure/2022/Jan/74 http://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5