Description
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- SAP_SE / SAP CommonCryptoLib8 – 8
- SAP_SE / SAP Content Server6.50 – 6.50
- SAP_SE / SAP Content Server7.54 – 7.54
- SAP_SE / SAP Content Server7.53 – 7.53
- SAP_SE / SAP Extended Application Services and Runtime (XSA)XS_ADVANCED_RUNTIME 1.00 – XS_ADVANCED_RUNTIME 1.00
- SAP_SE / SAP Extended Application Services and Runtime (XSA)SAP_EXTENDED_APP_SERVICES 1 – SAP_EXTENDED_APP_SERVICES 1
- SAP_SE / SAP HANA database2.00 – 2.00
- SAP_SE / SAP Host Agent722 – 722
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.92 – KERNEL 7.92
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.93 – KERNEL 7.93
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 8.04 – KERNEL 8.04
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 7.22 – KERNEL64UC 7.22
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 7.22EXT – KERNEL64UC 7.22EXT
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 7.53 – KERNEL64UC 7.53
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64UC 8.04 – KERNEL64UC 8.04
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64NUC 7.22EXT – KERNEL64NUC 7.22EXT
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL64NUC 7.22 – KERNEL64NUC 7.22
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.22 – KERNEL 7.22
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.53 – KERNEL 7.53
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.54 – KERNEL 7.54
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.77 – KERNEL 7.77
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.85 – KERNEL 7.85
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.89 – KERNEL 7.89
- SAP_SE / SAP NetWeaver AS ABAP, SAP NetWeaver AS Java and ABAP Platform of S/4HANA on-premiseKERNEL 7.91 – KERNEL 7.91
- SAP_SE / SAPSSOEXT17 – 17
- SAP_SE / SAP Web Dispatcher7.85 – 7.85
- SAP_SE / SAP Web Dispatcher7.77 – 7.77
- SAP_SE / SAP Web Dispatcher7.89 – 7.89
- SAP_SE / SAP Web Dispatcher7.53 – 7.53
- SAP_SE / SAP Web Dispatcher7.22EXT – 7.22EXT
- SAP_SE / SAP Web Dispatcher7.54 – 7.54