CVE-2017-7696

Published: Apr 14, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.

Affected (2)

Products: Sap: Sso Authentication Library

Sap

1 product

Sso Authentication Library

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sap Sso Authentication Library	Version 2.0
Sap Sso Authentication Library	Version 3.0

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://erpscan.io/advisories/erpscan-17-001-sap-java-dos-bc-iam-sso-otp-package-use-qr-servlet/

Source: cve@mitre.org

https://erpscan.io/advisories/erpscan-17-001-sap-java-dos-bc-iam-sso-otp-package-use-qr-servlet/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.