Description
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/3051787
Mailing List, Mitigation, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Jan/74
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/165749/SAP-CommonCryptoLib-Null-Pointer-Dereference.html
Scores
CVSS v3
7.5
EPSS
0.0308
EPSS Percentile
86.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
sap/commoncryptolib
< 8.5.38
Published
Sep 14, 2021
Tracked Since
Feb 18, 2026