7.5

CVE-2021-38177

SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPCommoncryptolib Version <= 8.5.38
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.22% 0.867
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
cna@sap.com 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Vendor Advisory
http://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2022/Jan/74
Third Party Advisory
Mailing List
Mitigation
https://launchpad.support.sap.com/#/notes/3051787
Permissions Required