CVE-2017-7696

Name of the Vulnerable Software and Affected Versions SAP AS JAVA SSO Authentication Library versions 2.0 through 3.0

Description The issue allows remote attackers to cause a denial of service, specifically memory consumption, by providing large values in the width and height parameters to the "otp logon ui resources/qr" API endpoint.

Recommendations For SAP AS JAVA SSO Authentication Library versions 2.0 through 3.0, restrict access to the "otp logon ui resources/qr" API endpoint to minimize the risk of exploitation. Avoid using large values in the width and height parameters until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.