Описание
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:commoncryptolib:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:content_server:6.50:*:*:*:*:*:*:*
cpe:2.3:a:sap:content_server:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:content_server:7.54:*:*:*:*:*:*:*
cpe:2.3:a:sap:extended_application_services_and_runtime:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:hana_database:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:host_agent:722:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.54:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.89:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.91:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.92:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_7.93:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel64nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:kernel64uc_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.54:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.89:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.91:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.92:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_7.93:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel64nuc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_java:kernel64uc_8.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapssoext:17.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.22ext:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.53:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.54:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.77:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.85:*:*:*:*:*:*:*
cpe:2.3:a:sap:web_dispatcher:7.89:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00131
Низкий
7.5 High
CVSS3
Дефекты
CWE-787
Связанные уязвимости
CVSS3: 7.5
github
больше 2 лет назад
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.
CVSS3: 7.5
fstec
больше 2 лет назад
Уязвимость библиотеки SAP CommonCryptoLib, связанная с ошибками разыменования указателей, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
Процентиль: 33%
0.00131
Низкий
7.5 High
CVSS3
Дефекты
CWE-787