CVE-2023-40308

SAP CommonCryptoLib allows an unauthenticated attacker to craft a request which, when submitted to an open port, causes a memory corruption error in a library, which in turn causes the target component to crash, making it unavailable. There is no ability to view or modify any information.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| sap | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CVE | ADP | --- | | | | --- |
| CISA-ADP | ADP | --- | | | | --- |

EPSS Score percentile: 33%

| Vendor | Product | Version |
|---|---|---|
| sap | commoncryptolib | 8.0.0 |
| sap | content_server | 6.50 |
| sap | content_server | 7.53 |
| sap | content_server | 7.54 |
| sap | extended_application_services_and_runtime | 1.0 |
| sap | hana_database | 2.0 |
| sap | netweaver_application_server_abap | 7.22ext:ext |
| sap | sapssoext | 17.0 |
| sap | web_dispatcher | 7.22ext:ext |
| sap | web_dispatcher | 7.53 |
| sap | web_dispatcher | 7.54 |
| sap | web_dispatcher | 7.77 |
| sap | web_dispatcher | 7.85 |
| sap | web_dispatcher | 7.89 |

𝑥 = Vulnerable software versions