CVE-2021-38177: Null Pointer Dereference
First published: Tue Sep 14 2021(Updated: )
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network, this causes the SAP application to crash and has high impact on the availability of the SAP system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP CommonCryptoLib | <=8.5.38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP CommonCryptoLib vulnerability?
The vulnerability ID for this SAP CommonCryptoLib vulnerability is CVE-2021-38177.
What is the severity of CVE-2021-38177?
CVE-2021-38177 has a severity keyword of 'high' and a severity value of 7.5.
How does CVE-2021-38177 affect SAP CommonCryptoLib?
SAP CommonCryptoLib version 8.5.38 or lower is vulnerable to a null pointer dereference vulnerability when an unauthenticated attacker sends crafted malicious data in the HTTP requests over the network.
What is the impact of CVE-2021-38177 on the availability of the SAP system?
The vulnerability has a high impact on the availability of the SAP system as it can cause the SAP application to crash.
How can I fix the vulnerability CVE-2021-38177 in SAP CommonCryptoLib?
To fix the vulnerability, it is recommended to update SAP CommonCryptoLib to a version higher than 8.5.38.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap commoncryptolib
- version/sap commoncryptolib/8.5.38