CVE-2023-40308

EUVD-2023-44900
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library, which in turn causes the target component to crash, making it unavailable. There is no ability to view or modify any information.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| sap | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
EPSS Score Percentile: 32%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| sap | commoncryptolib | 8.0.0 |
| sap | content_server | 6.50 |
| sap | content_server | 7.53 |
| sap | content_server | 7.54 |
| sap | extended_application_services_and_runtime | 1.0 |
| sap | hana_database | 2.0 |
| sap | netweaver_application_server_abap | 7.22ext:ext |
| sap | sapssoext | 17.0 |
| sap | web_dispatcher | 7.22ext:ext |
| sap | web_dispatcher | 7.53 |
| sap | web_dispatcher | 7.54 |
| sap | web_dispatcher | 7.77 |
| sap | web_dispatcher | 7.85 |
| sap | web_dispatcher | 7.89 |
𝑥 = Vulnerable software versions