CVE-2021-38177

Published: Sep 14, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.

Affected (1)

Products: Sap: Commoncryptolib

1 product

Commoncryptolib

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Commoncryptolib	Up to 8.5.38

Related CWEs

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (8)

http://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html

Source: cna@sap.com

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2022/Jan/74

Source: cna@sap.com

Mailing ListMitigationThird Party Advisory

https://launchpad.support.sap.com/#/notes/3051787

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

Source: cna@sap.com

Vendor Advisory

http://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2022/Jan/74

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListMitigationThird Party Advisory

https://launchpad.support.sap.com/#/notes/3051787

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.