4 matches found
CVE-2023-40309
CVE-2023-40309 affects SAP CommonCryptoLib and is caused by insufficient authentication checks, enabling possible privilege escalation for an authenticated user and potential reading/modification/deletion of restricted data. The vulnerability is rated CRITICAL (CVSSv3.1: 9.8, AV:N/AC:L/PR:N/UI:N/...
CVE-2023-40308
The CVE-2023-40308 issue affects SAP CommonCryptoLib and is caused by memory corruption triggered by an unauthenticated crafted request sent to an open port. The resulting crash makes the target component unavailable, with no impact on confidentiality or integrity reported. Evidence across multip...
CVE-2021-38177
The CVE-2021-38177 entry concerns SAP CommonCryptoLib version 8.5.38 or lower, vulnerable to a null pointer dereference when an unauthenticated attacker sends crafted HTTP data over the network. The underlying issue causes the SAP application to crash, with a high impact on availability. Document...
CVE-2014-8587
CVE-2014-8587 affects SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, used in SAP NetWeaver AS for ABAP and SAP HANA. The issue allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. Remediation: upgrade SAPCRYPTOLIB to ...